User:Badcop666/1

From Wikipedia, the free encyclopedia

Reference to Quirksmode is a simple citation

Best practice in validating email addresses in web forms

Summary

verification of email addresses entered by users typically includes the following:

  • checking the email address entered against a regular expression or some simpler text format logic
  • checking that the domain name in the email address exists
  • sending an email to the entered email address containing a URL and/or code which activates or verifies the user's address
  • asking the email domain server if the mailbox exists

The advent of Ajax techniques has allowed what were server-side processes to be carried out in the client without requiring a page reload. Previously, javascript form validation would carry out some basic checks before handing off to the server for further (often repeated) checks.

This article invites submissions of examples of best-practice in the use of regular expressions and various client- and server-side techniques to validate email addresses.

Examples of RegExp's

Regexp is: /^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/
although the site author warns of suspected issues with the regexp, they are comfortable that it will correctly check "99.5" of valid email addresses.

Advanced or alternative techniques

  • Using Ajax - the code overhead of client-side validation is small, however, it can often mean duplication of checks ( in javascript and then in whichever server-side language is being used). Ajax allows all testing to be deferred to the server-side. The same code can be run for an Ajax call verifying a single data item, and then again when the form is submitted. As well as regexp checks of the email address format, the server can perform checks against the email domain and mailbox name as mentioned above.

Further Reading

  • Wikipedia article on best-practice in general form validation html form validation