This question already has an answer here:
Regular expression to not allow spaces anywhere in the email
(1 answer)
Closed 4 years ago.
("^[_a-zA-Z0-9!#$%&'*+-/=?^_`{|}~;]+(\\.[_a-zA-Z0-9!#$%&'*+-/=?^_`{|}~;]+)*#[a-zA-Z0-9-]+(\\.[a-zA-Z0-9-]+)*(\\.[a-zA-Z]{2,})$")
This is my regex for email field but I don't want to allow spaces in email. What I have to do please suggest me??
Unless you are trying to validate the email address as originating from a known domain, validating is practically impossible and bound to be frustrating for users with unusual addresses that your regex fails validation on.
For reference: https://davidcel.is/posts/stop-validating-email-addresses-with-regex/
Here is your current regex compared against a list of valid and invalid email addresses. As you can see, you failed to allow several, perfectly valid email addresses while still letting through around 30% of the invalid ones.
Related
I am struggling with one issue where I need to verify domain part should not all be numeric.
For example:
abc#123.com -> Invalid
abc#1abc.com -> valid
Regex:
^(?=(.{1,64}#.{1,255}))((?!.*?[._]{2})[!#$%&'*+\-\/=?\^_`{|}~a-zA-Z0-9}]{1,64}(\.[!#$%&'*+\-\/=?\^_`{|}~a-zA-Z0-9]{0,}(?<!\.)){0,})#((\[(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}\])|((?!-)(?=.*[a-zA-Z])[a-zA-Z0-9-]{1,63}(?<!-)(\.(?!-)[a-zA-Z0-9-]{1,63}(?<!-)){1,}))$
Above regex need modification because there are some other validation which is working fine with above regex. Only thing is pending to validate domain part should not all numeric.
Updated:
After some research on above regex
I am able to segregate emails in to different groups. Now for group 10 need to add validation if all characters in group 10 string are aplha numeric.
Regex:
^(?=(.{1,64}#.{1,255}))((?!.*?[._]{2})[!#$%&'*+\-\/=?\^_`{|}~a-zA-Z0-9}]{1,64}(\.[!#$%&'*+\-\/=?\^_`{|}~a-zA-Z0-9]{0,}(?<!\.)){0,})#((\[(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}\])|((?!-)(?=.*[a-zA-Z])((?:.*[a-zA-Z0-9]))[a-zA-Z0-9-]{0,63}(?<!-)(\.(?!-)[a-zA-Z0-9-]{1,63}(?<!-)){1,}))$
Explore regex on : https://regex101.com/
TIA
There's no point in doing this - the fact that an email fulfills the requirements as set forth in RFC5322 does not mean it's a valid email address: The only way to know that, is to send an email to it, and have the user reply to it, follow a link inside it, or copy a code/token inside it.
Given that you have to do that anyway, that will also pick up any issues with invalid email addresses. Thus, the correct validation for email is:
Pattern.compile("^.+#.+\\..+$")
(Assuming you don't want single
and this does what you want, which is, filter out obvious incorrect entries, and that's all you need.
If you insist in continuing your mistake, there's always emailregex.com, which has the regex and explains how it works.
NB: Note that you're just wrong. 12345#678.cde can easily be valid - com may not allow you to register a domain that consists solely of digits, but it's not an inherent limitation of the DNS system: Domain parts can be all numbers. The top level domain cannot be, at least, for now, but any other part of it can be. Thus, rejecting foo#123.com is only possible if you program in, on a per-TLD basis, the exact rules. Which also means you need to sign up to the mailing list of every TLD operator to check for any changes they make. You'll be updating that regex every other week. Told you it's a silly thing to want to do!
u can use this to detect the invalid ones.
^\w+([-+.']\w+)*+#\d+.com
just change the .com to which postfix you like.
This question already has an answer here:
html password regular expression validation
(1 answer)
Closed 5 years ago.
I was wondering if I have a form and the form contain some inputs that I want the user to be only able to submit a type of inputs I select , Like if I want to make sure that the password contain at least a CAPITAL letter , a number , a symbol and at least 8 letters , How to make sure even if the Javascript is disabled by the user?
Brief
You'll want to minimalize the checking on the client-side. Any checking done at this point is pretty useless when security and/or validation is concerned. I would suggest doing a simple validation (such as minimum length) but nothing else as any method you try client-side can easily be circumvented.
Doing all your validation server-side prevents users from editing client-side code or disabling JavaScript to prevent validation. As an added bonus, if you do everything server-side (and use minimal validation client-side) it increases maintainability since you're only defining your patterns once and you don't have to worry about compatibility across multiple regex engines (which is a pain).
For example, character classes (such as \p{L}) allow you to specify groups of Unicode characters. These are fantastic when you're talking about ensuring your program works well with multiple languages (i.e. French and the inclusion of characters such as é), but they're not available in HTML or JavaScript!
You should:
Define the pattern once (coders don't like duplication)
Do the validation server-side (forget about true validation client-side, anything you implement at this step can easily be bypassed). KISS
When you're talking about password validation don't limit the characters to specific ranges (as your pattern would client-side using something like [A-Z]). You may think this increases password strength, but it may actually do exactly the opposite. Instead, allow users to use special characters as well (it's simple but using Ä is more secure than A).
Code
Client-Side
(?=.*[A-Z])(?=.*\d)(?=.*[^\w_]).{8,}
Although, honestly, I'd suggest simply using .{8,} and doing the checks solely on the server-side.
<form action="">
<input type="text" pattern="(?=.*[A-Z])(?=.*\d)(?=.*[^\w_]).{8,}" title="Must contain at least one uppercase letter, number and symbol, and at least 8 or more characters"/>
<input type="submit"/>
</form>
Server-Side
See regex in use here
^(?=.*\p{Lu})(?=.*\p{N})(?=.*[^\p{L}\p{N}\p{C}]).{8,}$
Usage
Where $str in the code below is the submitted password
$re = '^(?=.*\p{Lu})(?=.*\p{N})(?=.*[^\p{L}\p{N}\p{C}]).{8,}$';
if(preg_match($re, $str)) {
// Valid password
} else {
// Invalid password - provide user feedback and allow them to try again
}
Explanation
The HTML regex is just a simpler variation of the regex below (without using Unicode classes). I would, once again, suggest using .{8,} for the pattern in HTML and let PHP do the actual password validation.
^ Assert position at the start of the line
(?=.*\p{Lu}) Positive lookahead ensuring at least one uppercase Unicode character exists
(?=.*\p{N}) Positive lookahead ensuring at least one Unicode number exists
(?=.*[^\p{L}\p{N}\p{C}]) Positive lookahead ensuring at least one character that isn't a letter, number, or control character exists (includes punctuation, symbols, separators, marks)
.{8,} Match any character 8 or more times
$ Assert position at the end of the line
This is not simple to answer as it is written but here is the idea.
First check client-side using javascript, match it against the desired pattern before allowing submit. There are a handfull of libraries out there if you dont want to puzzle it out yourself.
Second, and to satisfy the no javascript issue, check server-side. The user may have gotten past your form with faulty data but a server-side check will ensure that it matches what you like before you actually make a change to your database.
This question already has answers here:
How can I validate an email address in JavaScript?
(79 answers)
Closed 7 years ago.
I have managed to write a regex which validates an email.
'/[a-zA-Z0-9]+[a-zA-Z0-9_-]+(#{1})[a-zA-Z]+(\.)(com){1}/'
I am finding it pretty difficult to frame complete regex for email validation.
The thing is, I think it would be better for me if there is an alternative to regex.
Can this validation be done efficiently using if/else statements (or other conditional statements)?
Is there a fool-proof alternative to regex?
Is there a best and fool-proof alternative to regex?
Pseudocode:
if (strpos($text, '#') === FALSE)
print("not an email for sure")
else
sendConfirmationEmailToVerifyItExists()
The best way to validate an email address is to send an email to it. Anything else will cause you to reject valid email addresses, because the rules are so complex.
HTML5 has the input type email:
<input type="email" ...>
This is supported in all browsers except safari.
With PHP, you can validate an email with:
$email = 'myEmail#gmail.com';
if (filter_var($email, FILTER_VALIDATE_EMAIL))
{
echo 'Email is considered to be valid';
}
PHP Validation
Here is more about JavaScript email validation with a regex.
Notes:
Thinking about how should the regex look like for an email validation is not so easy. Other smart guys have spent their time with it. Just copy and paste the regex from a serious source (with permission), link to it, and you are done.
In short, no, there is no better way to play with strings other than regular expressions unless you are using a library/package that provides out of the box functions to use. Their utility/importance is simply reflected by the fact that they are available in all languages in one capacity or the other.
Here is the long answer.
Your question implies that your problem is not limited to validating an email address but rather validating strings using regular expressions.
First off, for an alternative, you can surely break a string up and treat it any way you like. All modern languages have a comprehensive list of string functions that you can use. However, you should also know that it will not be worth the effort and will make your code look messy.
Ultimately, you will wonder is there an easier and better way to do this to which the answer will be regular expressions.
As for them being hard to learn, I have met software professionals who have 10+ years industry experience but still use Google for their regular expression needs so you are not alone in that regard.
The only way to get better at them is to keep learning and practicing but isn't that the case with every skill?
In PHP, I use this function:
function validate_email($email)
{
return filter_var($email, FILTER_VALIDATE_EMAIL) === false ? false : true;
}
This question already has answers here:
How can I validate an email address in JavaScript?
(79 answers)
Closed 2 years ago.
greetings all
i want to validate an email with javaScript
and i need to use the best pattern for the matching
please suggest me a good pattern
In order for you to avoid reinventing the wheel I recommend this quality article on regular-expressions.info.
This ^([0-9a-zA-Z]([-\.\+\_\w]*[0-9a-zA-Z])*#([0-9a-zA-Z][-\w]*[0-9a-zA-Z]\.)+[a-zA-Z]{2,9})$ should match most cases. I might get massively down-voted for not including every single edge case (email addresses can have all kinds of crazy combinations) but I don't think I'm exaggerating in saying this will match 99.99% of email addresses.
This is the standard validation regular expression: http://www.ex-parrot.com/pdw/Mail-RFC822-Address.html for RFC 822 ;)
You probably want something more simple (taken from http://www.regular-expressions.info/email.html): /^[A-Z0-9._%+-]+#[A-Z0-9.-]+\.[A-Z]{2,4}$/i for JavaScript
What you might want to be wary of, if I remember correctly, is the fact that some email servers don't conform to RFC822, so being very strict on the validation might exclude some 'valid' email addresses. Depending on the level of validation that you need, it may be possible to just check that the email address has the correct basic format - something like one or more words separated by periods, followed by an # symbol, followed by two or more words separated by periods.
Having said this, you may also want to consider why you are validating the email address in the first place.
If you simply want to make sure that the user didn't type it incorrectly, then ask for the email address and a confirmation of the email address, then compare the two to decide whether the address is valid or not. (This is the strategy used by quite a lot of websites)
If you want to know whether the email address is real or not, as part of a registration process, then the registration could be made into a two step process, with a confirmation email being sent to the address that the user supplies in the frist step, and that email contains a link to the second step of the process.
I may be making wild assumptions about your needs, but I may just trigger the appropriate thought processes.
I know there are a lot of questions on here about email validation and specific RegEx's. I'd like to know what the best practices are for validating emails with respect to having the username+anythingelse#gmail.com trick (details here). My current RegExp for JavaScript validation is as follows, but it doesn't support the extra + in the handle:
/^([a-zA-Z0-9_.-])+#(([a-zA-Z0-9-])+.)+([a-zA-Z0-9]{2,4})+$/
Are there any other services that support the extra +? Should I allow a + in the address or should I alter the RegEx to only allow it for an email with gmail.com or googlemail.com as the domain? If so, what would be the altered RegEx?
UPDATE:
Thanks to everyone for pointing out that + is valid per the spec. I didn't know that and now do for the future. For those of you saying that its bad to even use a RegEx to validate it, my reason is completely based on a creative design I'm building to. Our client's design places a green check or a red X next to the email address input on blur of it. That icon indicates whether or not its a valid email address so I must use some JS to validate it then.
+ is a valid character in an email address. It doesn't matter if the domain isn't gmail.com or googlemail.com
Regexes aren't actually a very good way of validating emails, but if you just want to modify your regex to handle the plus, change it to the following:
/^([a-zA-Z0-9_.-\+])+#(([a-zA-Z0-9-])+.)+([a-zA-Z0-9]{2,4})+$/
As an example of how this regex doesn't validate against the spec: The email ..#-.com is valid according to it.
If you need to validate emails via regexp, then read the standard or at least this article.
The standard suggests to use this regexp:
(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")#(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])
If that doesn't scare you, it should :)
I would tend to go with something along the lines of /.+#.+\..+/ to check for simple mistakes. Then I would send an email to the address to verify that it actually exists, since most typos will still result in syntactically valid email addresses.
The specs allow for some really crazy ugly email addresses. I'm often very annoyed by websites even complaining about perfectly normal, valid email addresses, so please, try not to reject valid email addresses. It's better to accept some illegal addresses than to reject legal ones.
Like others have suggested, I'd go with using a simple regexp like /.+#.+/ and then sending a verification email. If it's important enough to validate, it's important enough to verify, because a legal email address can still belong to someone other than your visitor. Or contain an unintended but fatal typo.
*Edit: removed the dot from the domain part of the regex, because a#to is still a valid email address. So even my super simplified validation rejected valid addresses. Is there any downside at all to just accepting everything that contains an # with something in front and behind it?
A very good article about this subject I Knew How To Validate An Email Address Until I Read The RFC