Archives For security

Email Validation in PHP

June 10, 2010

A very common need in PHP-based Web applications is to validate email addresses. An email address, at its most basic, contains the @ and a dot and no spaces or special characters, so it’s pretty easy to come up with a regular expression that fits this simplest restriction. However, if you want a full-on precise regular expression, that takes an immense amount of code (the full email validation pattern takes up almost a page of code). An alternative, then, is to use the EmailAddressValidator class, created by Added Bytes and now hosted on Google Code.

After you’ve downloaded the code and put it on your server, you use it like so:

require('/path/to/EmailAddressValidator.php');
$emailValidator = new EmailAddressValidator();
if ($emailValidator->check_email_address('test@example.org')) {
    // Email address is technically valid.
} else {
    // Email not valid.
}
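
To show where the simple pattern described above parts ways with a stricter validator, the following added example (not from the original post or the EmailAddressValidator project) runs a basic regular expression and PHP's built-in `filter_var()` over constructed sample addresses. The function names, the regular expression, and the use of `filter_var()` as the reference are assumptions chosen for illustration.

```php
<?php
// Added example; not code from the original post or from EmailAddressValidator.

// The "most basic" rule: letters, digits and a few punctuation marks around
// one @, with a dot in the domain. \A and \z (not ^ and $) anchor the match
// so that a trailing newline is not silently accepted.
function basic_email_check(string $email): bool
{
    return preg_match('/\A[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\z/', $email) === 1;
}

// PHP's built-in validator, used here as the stricter reference.
function builtin_email_check(string $email): bool
{
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

// Constructed sample addresses.
$samples = [
    'test@example.org',      // ordinary address
    "o'brien@example.org",   // apostrophe is legal in the local part
    'a..b@example.org',      // consecutive dots are not legal unquoted
    'user@example..org',     // empty domain label
    'user@localhost',        // no dot in the domain
    "test@example.org\n",    // trailing newline
];

printf("%-26s %-6s %s\n", 'address', 'basic', 'filter_var');
foreach ($samples as $email) {
    printf(
        "%-26s %-6s %s\n",
        json_encode($email), // makes the newline visible in the output
        basic_email_check($email) ? 'pass' : 'fail',
        builtin_email_check($email) ? 'pass' : 'fail'
    );
}
```

Rows where the two columns disagree are the addresses a short pattern gets wrong in one direction or the other.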

I’ve been trying to write more about Web development security lately, in part because I’m going to be writing an “E-Commerce with PHP and MySQL” book this summer, so security is at the top of my mind. In a previous post, I made some suggestions as to how one develops and tests a site from a security perspective. Here I want to cover security as a general philosophy, so you understand the approach I take (and, therefore, the approach I would recommend you take). When I explain things, I think in terms of analogies. I’m pretty sure they don’t always work or help, but still, it’s what I do. And the analogy I have for Web site (or application) security is: Security is Next to Godliness. Which is to say, think of security the way you might think about cleanliness. Continue Reading…

There are two kinds of security that Web sites, applications, and operating systems can provide: perceived security and actual security. Perceived security is still important, because that’s what convinces users that it’s safe to, for example, provide their personal information to your Web site. But actual security is the key. Think of it as the difference between having a sign in front of your house saying it’s protected by a security system and actually having a security system. But if you’re anything like me, you’ve never tried to hack someone’s Web site and aren’t generally inclined to think like a person who would, so how do you make your sites secure? Here’s what I do… Continue Reading…

If you have an email address posted on a Web site, you’re almost guaranteed to get spam. Bots scour the Internet, looking through HTML source code to find email addresses to harvest. Web developers, meanwhile, are constantly trying new techniques to prevent this from happening. In this post, I discuss an interesting study in spam prevention, some of the available techniques, and the route I chose to go on a recent project. Continue Reading…

The other three posts in my Five JavaScript Tips in Five Days series for Peachpit Press have now been posted. The full set is: