PHP Tutorial: Form Verification And Simple Validation A One Page script for PHP form verification.

[iGuest 3]

Nice start, but lacking in too many areasPHP Tutorial: Form Verification And Simple Validation

Like not quoting array "subscripts". (this should ALWAYS be done)You should ALWAYS use mysql_real_escape_string() or some equivalent to prevent exploits when storing data in a database using SQL.There is no discussion of when you should or MUST use html_special_characters() or other similar functionality.You should also code for multiple/cross-browser support, so checking for isset($_POST[submit]) may not be enough, and will not work if the "submit button" is not an actual HTML type="submit".The original post was apparently written in 2006, so it's nice to at least see some more current information appended in the comments.

-reply by BeeDee

[Quatrux 4]

The best way to check if an email is valid is to send a confirmation email and if he got that email and will write down the confirmation email, you will know that his email is valid.

Even though it's possible to check the domain and etc. I saw those kind of scripts, but I never used them, I've read they're much slower, so who cares? If the user wants to register and use the service, he will use a valid email, otherwise he won't and you don't really need to care about it, a regular expression to at least check if the email is valid could be like this:

if (!preg_match("/^([a-z0-9._-pL](+[a-z0-9pL])*)+@[a-z0-9.-pL]+.[a-zpL]{2,6}$/iu", $Email)){// Error}

This is one of the best regexp's I've found on the Internet some years ago, if someone is using not a regular email, it's his own problem.

Furthermore, there are services like 10min email: https://10minutemail.com/10MinuteMail/index.html?dswid=-9675

With which you will go through a confirmation email, but later you won't ever send him an email, it's a users choice to use such an email, I use it myself, whenever I want to only once do something, download or read something and when I need to register to a service I don't care, I use this email and it's really comfortable, you could always write scripts to prevent emails from some domains which are used by this servers, but it's extra job for minor things.