1

My mail form is still sending emails even if the email address is not valid. For example, if I fill in the email as "bob", and hit submit, my javascript validator gives a warning message, but the email still goes through. It ends up in my spam box as [email protected]

How can I validate the email address, and prevent submit if it does not validate?

I am new to php.

HTML:

 <div id="emailform">
                <h2>Confirm your purchase information</h2>
                <hr>
                <form method="post" name="contactform" action="mail_form.php" id="submit">
                <p>
                <label for='name'>Your Name:</label> <br>
                <input type="text" name="name">
                </p>
                <p>
                <label for='email'>Email Address:</label> <br>
                <input type="text" name="email">
                </p>
                <p>
                <label for='purchasecode'>Purchase Code:</label> <br>
                <input type="text" name="purchasecode">
                </p>
                <p>
                <label for='vendor'>Vendor Name:</label> <br>
                <select name="vendor">
                  <option value="" selected="selected"></option>
                  <option value="Amazon" >Amazon</option>
                  <option value="Barnes&Noble" >Barnes &amp; Noble</option>
                  <option value="Family Christian" >Family Christian</option>
                  <option value="Christianbook" >Christianbook.com</option>
                  <option value="LifeWay" >LifeWay</option>
                  <option value="BAM" >Books-A-Million</option>
                  <option value="Mardel" >Mardel</option>
                </select>
                </p>
                <button type="submit" id="submitbutton" name="submit" value="Submit" class="mainButton">SUBMIT</button><br>
                </form>

<!--            Code for validating the form
                Visit http://www.javascript-coder.com/html-form/javascript-form-validation.phtml
                for details -->
                <script type="text/javascript">
                var frmvalidator  = new Validator("contactform");
                frmvalidator.addValidation("name","req","Please provide your name");
                frmvalidator.addValidation("email","email","Please enter a valid email address");
                frmvalidator.addValidation("vendor","dontselect=000");
                frmvalidator.addValidation("purchasecode","maxlen=50");
                </script>
            </div>

PHP:

<?php
ini_set('display_errors',1);
 error_reporting(E_ALL);

if(!isset($_POST['submit']))
{
  //This page should not be accessed directly. Need to submit the form.
  echo "error; you need to submit the form!";
}
$name = $_POST['name'];
$email = $_POST['email'];
$purchasecode = $_POST['purchasecode'];
$vendor = $_POST['vendor'];


//Validate first
if(empty($_POST['name'])  ||
   empty($_POST['email']) ||
   empty($_POST['purchasecode']) ||
   empty($_POST['vendor']))
{
    echo "All fields are required.";
exit;
}

if(IsInjected($email))
{
    echo "Bad email value!";
    exit;
}

$email_from = $email;
$email_subject = "GDFY Purchase Confirmation";
$email_body = "New purchase confirmation from $name.\n".
    "Here are the details:\n\n Name: $name \n\n Email: $email \n\n Purchase Code: $purchasecode \n\n Vendor: $vendor";

$to = "[email protected]";//<== update the email address

$headers = "From: $email_from \r\n";
$headers .= "Reply-To: $email_from \r\n";
//Send the email!
mail($to,$email_subject,$email_body,$headers);
//done. redirect to thank-you page.
header('Location: index.html');

// echo "success";


// Function to validate against any email injection attempts
function IsInjected($str)
{
  $injections = array('(\n+)',
              '(\r+)',
              '(\t+)',
              '(%0A+)',
              '(%0D+)',
              '(%08+)',
              '(%09+)'
              );
  $inject = join('|', $injections);
  $inject = "/$inject/i";
  if(preg_match($inject,$str))
    {
    return true;
  }
  else
    {
    return false;
  }
}

?>

Javascript:

  $('#submit').submit(function() { // catch the form's submit event
      $.ajax({ // create an AJAX call...
          data: $(this).serialize(), // get the form data
          type: $(this).attr('method'), // GET or POST
          url: $(this).attr('action'), // the file to call
          success: function(response) { // on success..
              $('#emailform').html("<h2 style='text-align:center;'>Thank you!</h2><hr><p style='text-align:center;'>Thank you for submitting your purchase information.<br>We will send your free gifts soon!</p>"); // update the DIV
          }
      });
      return false; // cancel original event to prevent form submitting
  });
7
  • 2
    Seriously, use a decent mailer class like PHPMailer or Swiftmailer -- it does all this kind of stuff for you, and does it right. Commented Sep 4, 2013 at 14:21
  • if( // condition email == false) {echo "Bad email value!"; } else { // HERE YOUR MAIL SCRIPT } Commented Sep 4, 2013 at 14:21
  • You could use $email_check = "/^[a-z0-9]+([_\\.-][a-z0-9]+)*@([a-z0-9]+([\.-][a-z0-9]+)*)+\\.[a-z]{2,}$/i"; instead of what you have or add to it, then use if(!preg_match($email_check,$email)){ die("Please enter a valid email address!"); } Commented Sep 4, 2013 at 14:26
  • if( // condition email == false) {echo "Bad email value!"; } else { // HERE YOUR MAIL SCRIPT } This seems to stop the bad emails from sending, however, my javascript still refreshes that div with a success message. How can I prevent this? Commented Sep 4, 2013 at 14:28
  • @eloist You need to check for valid characters. As in my example above (edited) comment. It works, but there's room for improvement. Commented Sep 4, 2013 at 14:32

6 Answers

2

You can use filter_var :

if( filter_var('[email protected]', FILTER_VALIDATE_EMAIL) )
{
    Do_stuff();
}

Comments

0

I'd recommend filtering on both front and back end. Front end to prevent unnecessary hits to the server and to provide more effective and prompt feedback, and back end to catch anything that the front end lets through (since it can be bypassed).

My script of choice for the front end is jQuery Ketchup

On the back-end, filter_var works fine, as does regex if you're working with an older version of PHP.

Comments
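
One way to do the back-end half of this so that a rejected address also keeps the AJAX "Thank you" message from appearing (an added example, not code from the question or from any answer; the example.com addresses and the function name validate_purchase_form are assumptions):

```php
<?php
// Added example. Field names come from the question's form; the example.com
// addresses and the function name are placeholders chosen for this example.

/** Return field => message for every problem found; empty array means valid. */
function validate_purchase_form(array $post): array
{
    $errors = [];
    foreach (['name', 'email', 'purchasecode', 'vendor'] as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || trim($value) === '') {
            $errors[$field] = 'This field is required.';
        }
    }
    // FILTER_VALIDATE_EMAIL rejects "bob" and also any value containing CR or LF,
    // so an address that passes is safe to place in a mail header.
    if (!isset($errors['email'])
        && filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Please enter a valid email address.';
    }
    return $errors;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    header('Content-Type: application/json');
    $errors = validate_purchase_form($_POST);
    if ($errors) {
        // A non-2xx status makes jQuery run the error callback, not success,
        // so the "Thank you" markup is never shown for rejected input.
        http_response_code(422);
        echo json_encode(['ok' => false, 'errors' => $errors]);
        exit;
    }
    $body = "New purchase confirmation.\n\n"
          . "Name: {$_POST['name']}\n"
          . "Email: {$_POST['email']}\n"
          . "Purchase Code: {$_POST['purchasecode']}\n"
          . "Vendor: {$_POST['vendor']}\n";
    // Fixed From address owned by the site; the visitor's validated address
    // goes only into Reply-To.
    $headers = "From: noreply@example.com\r\n"
             . "Reply-To: {$_POST['email']}\r\n";
    $sent = mail('orders@example.com', 'GDFY Purchase Confirmation', $body, $headers);
    http_response_code($sent ? 200 : 500);
    echo json_encode(['ok' => $sent]);
}
```

With this handler, an error callback added to the question's $.ajax call can display the returned messages, and success fires only when mail() accepted the message for delivery.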

0

This is what I use and it works well, using Ajax and jQuery. You're welcome to use it and modify to suit.

Both HTML form and PHP handler are included.

HTML form

<!DOCTYPE html>
<html>

<head>

<script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>
<script type="text/javascript">

$(document).ready(function(){

    $('#submit').click(function(){
        $('#success').hide(1);
        $.post("ajax_handler.php", $("#contact").serialize(),  function(response) {
            $('#success').html(response);
            $('#success').show(1000);
        });
        return false;

    });

});
</script>

<style>

html {
/*    height: 100%; */

height:auto;
}
body {
    background:#000;
/*  background: url(bg.png);
    background-repeat:repeat;*/
    margin: 0px;
    padding: 0px;
    height: 100%;
    color: #fff;
    font-family: Proxima, sans-serif;
}


#empty {
    display:block;
    clear:both;
    height:150px;
    width:auto;
    background:none;
    border:none;
}


#contact ul{
    margin-left:10px;
    list-style:none;
}


#contact ul li{
    margin-left:0px;
    list-style:none;
}

</style>

</head>

<body>

<form id="contact" action="" method="post">
<ul>
    <li>
        <label for="name">Name:</label><br>
        <input id="name" type="text" name="name"  width="250" size="35" required/>
    </li>
    <li>
        <label for="email">Email:</label><br>
        <input id="email" type="text" name="email" width="250" size="35" required/>
    </li>
<br><br>
    <li>
        <label for="message">Message:</label><br>
        <textarea id="message" name="message" rows="6" cols="40" required></textarea>
    </li>
    <li><input type="button" value=" SEND " id="submit" /><input type="reset" value="Reset" name="reset">
<div id="success" style="color: yellow;"></div></li>
</ul>


</form>
</body>

</html>

Handler (ajax_handler.php)

<?php

if((empty($_POST['name'])) || (empty($_POST['email'])) || (empty($_POST['message']))){

die("<b>ERROR!</b> All fields must be filled.");

}

$name = $_POST['name'];
$email = $_POST['email'];
$message = $_POST['message'];

$name = strtolower($name);
$name = ucwords($name);

$to = '[email protected]';
$subject = 'Website message from: '.$name;
$message = 'FROM: '.$name." \nEmail: ".$email."\nMessage: \n".$message;
$headers = 'From: [email protected]' . "\r\n";

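// The page inserts this response with .html(), so escape user input before echoing it
$safe_name = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
$safe_email = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');

if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
mail($to, $subject, $message, $headers);
echo "Thank you! Your email was sent $safe_name.";
echo "<br>";
echo "This is the email you entered: <b>$safe_email</b>";
}else{
// echo var_dump($_POST);
echo "<b>ERROR!</b> Invalid E-mail. Please provide a valid email address. Example: [email protected]";
echo "<br>";
echo "The email <b>$safe_email</b> you entered, is not valid.";
}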

?>

Comments

0

// test_input() is not defined in this answer; it must be supplied separately.
$email = test_input($_POST["email"]);
if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $email)) {
    $emailErr = "Invalid email format";
}

You can use this. I have tried it just now and it's working.

Comments

0
Javascript validation
<script type="text/javascript">
// Wrapped in a function (validatePhone is a name chosen here) so the return
// statements are valid; call it from the form's onsubmit handler.
function validatePhone() {
    var a = document.contact_form.txt_phoneno.value;
    if (a != "") {
        if (isNaN(a)) {
            alert("Enter the valid Mobile Number(Like : 9566137117)");
            document.contact_form.txt_phoneno.focus();
            return false;
        }
        if ((a.length < 10) || (a.length > 15)) {
            alert(" Your Mobile Number must be 10 to 15 Digits");
            document.contact_form.txt_phoneno.select();
            return false;
        }
    }
    return true;
}
</script>

Comments

0

try this preg match

$email = test_input($_POST["email"]);
if (!preg_match("/^[\w-]+[@]+[a-z]+\.+[a-z]*$/", $email)) {
  return false; 
  //exit;
}

1 Comment

Please add more detail regarding your answer. @Antelove
