E
e_matthes
Hello everyone,
I've read enough about email validation to know that the only real
validation is having a user respond to a confirmation message you've
sent them. However, I want to store the address temporarily, so I want
to make sure what is entered is safe to work with. I have a basic
understanding of regexps, so I could write one that checks for a simple
format like: something followed by @ followed by something followed by
.. followed by something. I can also make a good guess at understanding
the regexps I come across in validation schemes people have posted.
However, each scheme that is posted seems to get criticized for
invalidating some esoteric, but valid, addresses.
I'm wondering if there is a minimum validation you can do that will
prevent basic attacks like sql injection attacks. For example, if I
weed out anything with single and double quotes, and semicolons, am I
barring some people unnecessarily? Seems like you'd be trying to mess
with people by putting a semicolon in your email address.
I know there are other steps to take in preventing attacks. Every
layer helps, though, so I'd like to do some reasonable email validation.
I've read enough about email validation to know that the only real
validation is having a user respond to a confirmation message you've
sent them. However, I want to store the address temporarily, so I want
to make sure what is entered is safe to work with. I have a basic
understanding of regexps, so I could write one that checks for a simple
format like: something followed by @ followed by something followed by
.. followed by something. I can also make a good guess at understanding
the regexps I come across in validation schemes people have posted.
However, each scheme that is posted seems to get criticized for
invalidating some esoteric, but valid, addresses.
I'm wondering if there is a minimum validation you can do that will
prevent basic attacks like sql injection attacks. For example, if I
weed out anything with single and double quotes, and semicolons, am I
barring some people unnecessarily? Seems like you'd be trying to mess
with people by putting a semicolon in your email address.
I know there are other steps to take in preventing attacks. Every
layer helps, though, so I'd like to do some reasonable email validation.