Background
In June 2004, I posted an article titled Email Address Validation, which included a function for validating email addresses according to RFC 2822 and related documents. It tested only for technical validity, nothing more.
The post proved to be reasonably popular, generating a lot of comments and additions from other PHP developers. Unfortunately, I was not too hot at keeping up, and many improvments took too long to make it to the posted version of the function.
Why Revisit This?
There is still a need for validation of email addresses according to standards. ICANN's approval of their new gLTD program means that older email validation systems that checked for TLDs of 6 characters or fewer are now effectively broken. Domains, and as a result email validation, will be getting much more complicated.
So What's New?
I've incorporated suggestings from other developers who commented on the original article, and as a result it now validates email addresses much more accurately.
I've converted the function to a pretty basic object, which I hope will make it easier to read, understand, modify and also integrate into other systems. The domain validation could also be stripped out of the class easily for use as a domain name validator.
Next, I've created unit tests (PHPUnit) so the validation can be checked as it is changed. More cases need to be added, but it should cover all the basic items that should be allwed and disallowed. Of course, anyone can run this against their own validator(s) if they need to.
Finally, I've released the code under a New BSD License (similar to GPL but permits commercial use) on Google Code - php-email-address-validation/ - and I hope this allows other developers to add to and improve the existing code (suggestions and improvements can be left here or posted to the Google Group).
25 Comments
Great! I very much liked the first version and am looking forward to checking this one out. I apreciate that your code checks all posible address per the RFC, ip addresses / spaces / etc rather than the simple textnospace@textnospace.tld that most validators use. I translated the first version to javascript so that I could do client side validation and save the user a page load. (Always double-check server side!) I'll probably do that again and post it when I get around to it.
#1, Morgauo, United States, 15 July 2008. Reply to this.
the unmodified validator returns the following error message (php 4.4.8, safe_mode enabled):
Parse error: syntax error, unexpected T_STRING, expecting T_OLD_FUNCTION or T_FUNCTION or T_VAR or '}' in EmailAddressValidator.php on line 27
#2, josh, CGN, 17 July 2008. Reply to this.
Hi josh. I've not tested it with PHP4, just PHP5. You're very welcome to adapt it for PHP4 if you like - just let me know and I'll add you to the project so you can upload code.
#3, Dave Child, United Kingdom, 17 July 2008. Reply to this.
The GNU GPL doesn't prohibit commercial use. If it did, companies like RedHat wouldn't exist.
#4, Rich, United States, 17 July 2008. Reply to this.
@Rich: This is true, but the GPL restricts the terms of use more than BSD New (as I understand it). The difference is that with the BSD license a company can use this code commercially, and without attribution.
One down-side of that is that the BSD license allows proprietary knockoffs. People can sell this code, though they probably shouldn't. Once I took the step to release the code, I had to decide what license to best release it under, and the least restrictive made sense.
Future releases may be different - this is the first time I've ever done something like this. For now, I'm happy keeping things as open as possible and seeing how it goes.
#5, Dave Child, United Kingdom, 17 July 2008. Reply to this.
Thanks a lo for this useful code!
#6, Gualtiero, Italy, 26 July 2008. Reply to this.
How do I get the source code for the updated PHP email validation script?
#7, Martin Bean, United Kingdom, 1 August 2008. Reply to this.
Hi Martin. You need to go to Google Code (the link is in the post), and click on "source". Now, you can either use Subversion (recommended) - the URL will be on the source page - or you can click on "Browse" at the top to view the source online (you'll find the code in the "trunk" folder).
#8, Dave Child, United Kingdom, 1 August 2008. Reply to this.
Thanks for the validation script. Unfortunately it will find an email address like
hello@asd.c
valid, which is wrong from my point of view?! As far a I am concerned there should be a test which check whether the last part of the domain portion is within 2 to 4.
#9, Jens Thomas, Unknown, 7 August 2008. Reply to this.
Hi Dave,
Fantastic tool for its purpose. I am having one issue though. Is there any way you could custom license this for me asa GPL 2 version. I am going to integrate it to another GPL 2 platform and I am having license compatibility issue as the platform only accepts code that is GPL 2 licensed.
- Tim
#10, Tim Timalsina, United States, 28 August 2008. Reply to this.
Hi, great code! i was wondering if anything has been updated lately...
#11, Gilles, Netherlands, 2 September 2008. Reply to this.
i'm a newbie. your code is really difficult for me to understand, but i will try my best, i read almost comments, 4 years for a good function, great, i would be very happy if i were you, there are many comments !. At last, i want to say simple thing, thanks
#12, baonam, Viet Nam, 9 September 2008. Reply to this.
What advantages/disadvantages would this script have over the recently released PHP Filter extension? As far as I am aware it is bundled with php, and enabled by default, on all versions newer than 5.2.0 - but I believe it can be installed for any version of PHP?
http://uk2.php.net/manual/en/intro.filter.php
#13, Luke Armstrong, United Kingdom, 10 September 2008. Reply to this.
Over 2 Months and still no response?
#14, Luke Armstrong, United Kingdom, 19 November 2008. Reply to this.
Hi Luke. I'm not terribly good when it comes to responding to queries like yours. I've read it several times, but it's not a quick answer, so it goes in the "remember to do this later" section of brain. From where it presumably vanishes.
I don't know anything about the PHP Filter extension. I don't know how the "validate_email" filter specifically works. Certainly it would be easy to run the filter against the test cases in this project to see if it passed and failed correctly.
#15, Dave Child, United Kingdom, 19 November 2008. Reply to this.
Hi Luke. I've uploaded a file to the Google Group which contrasts the two libraries, and tests are easily added; just copy of of the lines with "new EmailAddressValidatorTest" and edit the new line as necessary. (The second argument specifies whether you expect the address to validate.)
The file can be found at
http://php-email-address-validation.googlegroups.com/web/alternativeTestFormat.php
#16, Chris (Jesdisciple), Unknown, 21 November 2008. Reply to this.
*"one of" the lines
#17, Chris (Jesdisciple), Unknown, 21 November 2008. Reply to this.
I've written a class also released on Google code under creative license that validates emails via SMTP.
http://code.google.com/p/php-smtp-email-validation/
It is meant to be used after you validate the syntax with the class provided here.
#18, Gabe, Fiji, 26 November 2008. Reply to this.
i want php code for step-by-step validation
#19, chiranjeevi, India, 2 February 2009. Reply to this.
Dave,
Thanks for your work on this function and for putting it in the public domain.
Have you compared your function against the test cases in RFC3696?
Also, I'm not sure about three of your test cases - maybe I'm misinterpreting the RFCs? More here: http://www.dominicsayers.com/isemail
#20, Dominic Sayers, London, UK, 10 February 2009. Reply to this.
I've now compiled 158 test cases (including Dave Child's for which I am grateful) and compared a number of email address validators against them: http://www.dominicsayers.com/isemail
The source code for my effort is here: http://code.google.com/p/isemail/source/browse/trunk
#21, Dominic Sayers, Unknown, 22 February 2009. Reply to this.
I used to have an email validation class that worked perfectly well until ICANN introduced new and longer gTLDs. That threw me into a big problem for some time until I fortunately found a way to update the script to accommodate longer domain names.
#22, Mexabet, Australia, 15 March 2009. Reply to this.
I it just me, or is the download on the googlegrousp page unavailable? I get no results when I click the 'downloads' link.
#23, Lea, Australia, 19 September 2009. Reply to this.
Dave,
The original post, its comments, this post and its comments have been so informative. Thank you for all your hard work on this.
I looked through your unit testing code (and the same applies to Dominic's unit tests) and found a small flaw. The key to a unit test is the test only tests one possible error, therefore the ()[]\;:,><@example.com test (line 114 of your tests and line 144 of Dominic's) test for 10 possible illicit characters in one test.
This is not a well designed test because any one character that matches an illicit character causes a false return from the validator. The proper way to test for all 10 illicit characters is to create 10 tests each containing only 1 of the characters. An example would be test,character@example.com. This would then fail because the comma is in the name side of the address and that is THE ONLY thing wrong with the address.
Thank you again for your hard work on this and the cheat-sheets... very handy when you don't always work with a particular technology.
#24, Stephen, United States, 22 October 2009. Reply to this.
I used your script in a website I created...
http://validemail.org/
#25, hm2k, 16 December 2009. Reply to this.