Topic awaiting preservation: Really Solid Email Validation Regular Expression?

I am looking for a really solid email validation regular expression. I have worked with a bunch in the past, but none of them were what I would considerer hardened. Anyone have on that really follows the Standards?

Here are a couple that I came up with off the top of my head, but I am not sure if they do a good job at all.

^[a-zA-Z][\w\.-]*[\w]@[\w][\w\.-]*[\w]\.[a-zA-Z][a-zA-Z\.]*[a-zA-Z]$

^([a-zA-Z][\w-+]*\.?)+@([a-zA-Z][\w]\.)([a-zA-Z][\w]+\.?)+$

Could you share all your email based regex's?

Dan @ Code Town

this is what I usually use, no idea on how good it really is:

^(.+)@([^\(\);:,<>]+\.[a-zA-Z]{2,6})

<edit>
Btw, this might be of help http://www.rfc-editor.org/rfc/rfc2822.txt </edit>
/Dan

{cell 260} {Blog}
-{ ?The Internet treats censorship as a malfunction and routes around it.? (-Barlow, John Perry) }-

(Edited by DmS on 05-03-2005 18:24)

Woah!

Wouldn't that first .+ let something like

';DROP DATABASE *;@somewhere.com

in?

Might want to watch that.

Not going to get through that RFC in a day...

Dan @ Code Town

I have used this one from Trib's GN tutorial:

^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+(.[a-z0-9-]+)*(.[a-z]{2,3})$

but now I look at it again that doesn't look like it would work too well for addresses ending in .info or .name and those other strange new TLDs. So I guess having 2-4 in the curly braces instead would be an idea?

Trib also links to an expression that is supposed to test for full RFC comliance, but the file seems to have disappeared and Google is no help finding it....

hmmm... cant edit...
making new post....

(Edited by GRUMBLE on 05-03-2005 21:00)

(Edited by GRUMBLE on 05-03-2005 21:00)

(Edited by GRUMBLE on 05-03-2005 21:09)

EDIT: seems as if there are parts that get autolinked, and the code tag doesnt show everything in the line.

i once found one that is quite long. i dont know much about how it performs in practice.

^[-_.[:alnum:]]+@((([[:alnum:]]|[[:alnum:]][[:alnum:]-]*[[:alnum:]])\.)+(ad|ae|aero|af|ag|ai|al|am|an|ao|aq|ar|arpa|as|at|au|aw|az|ba|bb|bd|be|bf|bg|bh|bi|biz|bj|bm|bn|bo|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|com|coop|cr|cs|cu|cv|cx|cy|cz|de|dj|dk|dm|do|dz|ec|edu|ee|eg|eh|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gb|gd|ge|gf|gh|gi|gl|gm|gn|gov|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|in|info|int|io|iq|ir|is|it|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|mg|mh|mil|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|museum|mv|mw|mx|my|mz|na|name|nc|ne|net|nf|ng|ni|nl|no|np|nr|nt|nu|nz|om|org|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|pro|ps|pt|pw|py|qa|re|ro|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|st|su|sv|sy|sz|tc|td|tf|tg|th|tj|tk|tm|tn|to|tp|tr|tt|tv|tw|tz|ua|ug|uk|um|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|yu|za|zm|zw)|(([0-9][0-9]?|[0-1][0-9][0-9]|number2[0-4][0-9]|number2Ron Gallant[0-5])\.){3}([0-9][0-9]?|[0-1][0-9][0-9]|number2[0-4][0-9]|number2Ron Gallant[0-5]))$

and this is from the official RFC specification

addr-spec = local-part "@" domain

local-part = atom *("." atom)

domain = atom *("." atom)

atom = all ASCII-chars from 33 to 126 exclusive specials

specials = "(" / ")" / "<" / ">" / "@"/ "," / ";" / ":" / "\" / <">/ "." / "[" / "]"

so if you can build a regexp from this one you are 100% sure its valid.

(Edited by GRUMBLE on 05-03-2005 21:10)

(Edited by GRUMBLE on 05-03-2005 21:10)

(Edited by GRUMBLE on 05-03-2005 21:13)

WarMage, well I never ever said I was any good with regexes...
But yes, looking at it again after a long time since I wrote it, I can only say that you seem to be so right, so right

However, I never ever trust DB-input with only something like this, without exception I'm running everything going to a db through other sanitizing checks.

A check like this is only to make sure that it's a format corresponding to a normal mailadress syntax, but it does need improvment, that's for sure

/Dan

{cell 260} {Blog}
-{ ?The Internet treats censorship as a malfunction and routes around it.? (-Barlow, John Perry) }-

One of my employees created this one directly from the spec, and I think it's about as good as it gets without trying to validate actual top-level domains:

/^[-^!#$%&'*+\/=?`{|}~.\w]+@[a-zA-Z0-9]([-a-zA-Z0-9]*[a-zA-Z0-9])*(\.[a-zA-Z0-9]([-a-zA-Z0-9]*[a-zA-Z0-9])*)+$/

-jiblet

For those of us who are COMPLETELY regex-phobic, could someone post a copy&pastable function using that?

function validate($email){

  $pattern = "^[-^!#$%&'*+\/=?`{|}~.\w]+@[a-zA-Z0-9]([-a-zA-Z0-9]*[a-zA-Z0-9])*(\.[a-zA-Z0-9]([-a-zA-Z0-9]*[a-zA-Z0-9])*)+$";



  if(ereg($pattern,$email)){

    return 1;

  }

  return 0;

}

Dan @ Code Town

Helpful stuff:

Check out the "form validation" tutorial here:
http://www.php-mysql-tutorial.com/

And the "validateEmail" PHP script on this page:
http://www.howtocreate.co.uk/php/

Here's the original function, short and sweet:

function is_valid_email( $email ) {
return preg_match( "/^[-^!#$%&'*+\/=?`{|}~.\w]+@[a-zA-Z0-9]([-a-zA-Z0-9]*[a-zA-Z0-9])*(\.[a-zA-Z0-9]([-a-zA-Z0-9]*[a-zA-Z0-9])*)+$/", $email );
}

(Edited by jiblet on 05-19-2005 17:05)

This thread reminds me how if I want to act like programming is some mystical black art ( which we all know it really isn't) I just show my audience any regular expression I'm working on.



.:[ Never resist a perfect moment ]:.