ASPit - Totally ASP JSit - Totally JavaScript
Search PHPit

Use this textbox to search for articles on PHPit. Seperate keywords with a space.


Check for a valid e-mail address

This function is used to check if an e-mail address is valid. It’s been created by Dave Child, and it’s probably one of the best e-mail validation functions out there (it actually follows all the specifications).

function valid_email($email) {
// First, we check that there's one @ symbol, and that the lengths are right
if (!ereg("^[^@]{1,64}@[^@]{1,255}$"$email)) {
// Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
return false;
// Split it into sections to make life easier
$email_array explode("@"$email);
$local_array explode("."$email_array[0]);
  for (
$i 0$i sizeof($local_array); $i++) {
     if (!
ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$"$local_array[$i])) {
  if (!
ereg("^\[?[0-9\.]+\]?$"$email_array[1])) { // Check if domain is IP. If not, it should be valid domain name
$domain_array explode("."$email_array[1]);
    if (
sizeof($domain_array) < 2) {
false// Not enough parts to domain
    for (
$i 0$i sizeof($domain_array); $i++) {
      if (!
ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$"$domain_array[$i])) {

8 Responses to “Check for a valid e-mail address”

  1. PHPit - Totally PHP » PHP Security: Basic PHP Security Says:

    […] The possibility to inject any dangerous data into our script has already been greatly diminished, by checking the data. The valid_email() function is a standard validation function, which can be found in the PHPit Code Snippet Database. […]

  2. lavercq Says:

    I woulb be sure that any malicious spammeur can’t use my email address on my web site…
    is your script secured sufficiently to forbid this use ?
    Thank’s a lot.

  3. taaniel Says:


    i think “[email protected]″ is not valid email address but valid_email(’[email protected]′) returns TRUE

    With best wishes,

  4. TheUndefined Says:

    I’ve made some changes to the domain check part that i found usefull
    now the IP has to 4 of the kind of form

    if (!ereg(”^\[?([0-9]{1,3}\.){3}[0-9]{1,3}\]?$”, $email_array[1])) {
    if (!ereg(”^([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9]\.)+([A-Za-z]{2,4}|museum|travel)$”, $email_array[1])) {
    return false;
    // TODO: the domain part is syntacticly valid, now do the reverse DNS
    // full domain in $email_array[1]

  5. sdfsf Says:

    [?([0-9]{1,3}\.){3}[0-9]{1,3}\]?$”, $email_array[1])) {
    if (!ereg(”^([A-Za-z0-9][A-Za

  6. Pádraic Says:

    Another take which follows the RFC for email formats…

  7. Rick Stockton Says:

    Padraic’s Partholan page is now 404.

    There’s a pretty basic failure in the original code posted here on May 2, 2006: Per the RFC (2822, Section 3.4) an address or person’s “display-name” can precede the traditional addr-spec which this code tests, as long as the addr-spec is then enclosed in Greater-Than Less-Than signs thus:


    We’ve all seen it a million times, an address such as this one:
    Rick Stockton

    It fails your function. In the case of such as email, we need to test only the portion between “”.

    I can’t program worth sh#^. But, I think the thing to do is check for “>” as the last char, and if it exists then (a) require that “

  8. Rick Stockton Says:

    Wow, your dang “stripper” just trashed key parts of my post where I mentioned the “Less-Than” character. In my example, my name “Rick Stockton” was followed by a spare space, then a Less-Than, then a Traditional Email Address of rick-atsign-mycompany-dot-com, and finally the Greater-Than character.

    My last sentence was saying that if the submitted address to test end with a Greater-Than, then (a) we require that ONE Less-Than character exist somewhere earlier in the string; and (b) if it does, then we extract and test just the substring between the Less-Than character and the terminating Greater-Than.

Leave a Reply