Skip to main content
N
Newsgroup_User
Inspiring
January 2, 2007
Question

FAO:David Powers

  • January 2, 2007
  • 7 replies
  • 520 views
Can you explain how your email Pattern works, please?

$pattern = '/^[^@]+@[^\s\r\n\'";,@%]+$/';


--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.dreamweavermx-templates.com - Template Triage!
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
http://www.macromedia.com/support/search/ - Macromedia (MM) Technotes
==================



This topic has been closed for replies.

7 replies

N
Newsgroup_UserAuthor
Inspiring
January 2, 2007
Murray *ACE* wrote:
> I used the Visibone page on RegEx, but couldn't put it all together as
> nicely as you did.

Regular expressions are a real pain to learn. The only book that really
teaches you how to use them is "Mastering Regular Expressions" by
Jeffrey Friedl. It's well written, but definitely not for the
faint-hearted. I've read it a couple of times, and my brain hurt for a
long time afterwards.

The problem lies in getting a pattern that matches exactly what you want
and nothing else. An earlier version of my regex matched email addresses
perfectly, but also let through the header injection code. That's why I
went for the negative approach in the end. It was easier to identify the
bad code than to create something that matched an email while excluding
the bad code at the same time.

--
David Powers, Adobe Community Expert
Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
Author, "PHP Solutions" (friends of ED)
http://foundationphp.com/
N
Newsgroup_UserAuthor
Inspiring
January 2, 2007
I used the Visibone page on RegEx, but couldn't put it all together as
nicely as you did.

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.dreamweavermx-templates.com - Template Triage!
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
http://www.macromedia.com/support/search/ - Macromedia (MM) Technotes
==================


"Joe Makowiec" <makowiec@invalid.invalid> wrote in message
news:Xns98ABDA1305562makowiecatnycapdotrE@216.104.212.96...
> On 01 Jan 2007 in macromedia.dreamweaver.appdev, Murray *ACE* wrote:
>
>> Can you explain how your email Pattern works, please?
>>
>> $pattern = '/^[^@]+@[^\s\r\n\'";,@%]+$/';
>
> Further - this article looks like it has a decent explanation:
>
> http://en.wikipedia.org/wiki/Perl_regular_expression_examples
>
> --
> Joe Makowiec
> http://makowiec.net/
> Email: http://makowiec.net/email.php


N
Newsgroup_UserAuthor
Inspiring
January 2, 2007
Yes - I have found that it's quite effective at doing that. Thanks for it,
David!

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.dreamweavermx-templates.com - Template Triage!
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
http://www.macromedia.com/support/search/ - Macromedia (MM) Technotes
==================


"David Powers" <david@example.com> wrote in message
news:endeib$sd8$1@forums.macromedia.com...
> Joe Makowiec wrote:
>> So, translated into English (give or take):
>> Start at the beginning of a string. It has to have at least one non-@
>> character, then an @ sign, then at least one character which is not
>> whitespace, a CR, a LF, a single or double quote, a semicolon, a comma,
>> an @ sign or a % sign, after which the string can end.
>
> Yes, except that the string must end at that point.
>
> It's a very negative, defensive regex. In one sense it's as crude as the
> test in the Dreamweaver Validate Form behavior. It doesn't attempt to
> match the pattern of an email address except for checking that it
> contains an @ mark (and only one). So a@b would pass, even though it's
> not a valid email address.
>
> Email header injection uses a variety of techniques, including
> URL-encoding (hence the %), to insert extra headers when the email
> address is used as part of the From header in a mail processing script.
> The regex detects characters commonly used in injection attacks, but
> which are illegal in email addresses.
>
> --
> David Powers, Adobe Community Expert
> Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
> Author, "PHP Solutions" (friends of ED)
> http://foundationphp.com/


N
Newsgroup_UserAuthor
Inspiring
January 2, 2007
Beautiful! Thanks, Joe.

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.dreamweavermx-templates.com - Template Triage!
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
http://www.macromedia.com/support/search/ - Macromedia (MM) Technotes
==================


"Joe Makowiec" <makowiec@invalid.invalid> wrote in message
news:Xns98ABD4192BDE9makowiecatnycapdotrE@216.104.212.96...
> On 01 Jan 2007 in macromedia.dreamweaver.appdev, Murray *ACE* wrote:
>
>> Can you explain how your email Pattern works, please?
>>
>> $pattern = '/^[^@]+@[^\s\r\n\'";,@%]+$/';
>
> '' - delimit the string for PHP
> // - delimit the regular expression (regex)
> ^ - beginning of string
> [^@]+ - [] define a group; in this context, ^means not; + means at
> least one of the preceding group. So the whole thing means 'At least
> one character which is not an at sign'.
> @ - character literal, so an at sign
> [^\s\r\n\'";,@%]+ - yet another group. Again, ^ means not. "\" is
> used as an escape character, as follows:
> \s: whitespace (any non-character value)
> \r: carriage return (0x0D)
> \n: linefeed (0x0A)
> \': single quote
> The rest are character literals; + again means 'at least one...'
> $ - end of string
>
> So, translated into English (give or take):
> Start at the beginning of a string. It has to have at least one non-@
> character, then an @ sign, then at least one character which is not
> whitespace, a CR, a LF, a single or double quote, a semicolon, a comma,
> an @ sign or a % sign, after which the string can end.
>
> --
> Joe Makowiec
> http://makowiec.net/
> Email: http://makowiec.net/email.php


N
Newsgroup_UserAuthor
Inspiring
January 2, 2007
Joe Makowiec wrote:
> So, translated into English (give or take):
> Start at the beginning of a string. It has to have at least one non-@
> character, then an @ sign, then at least one character which is not
> whitespace, a CR, a LF, a single or double quote, a semicolon, a comma,
> an @ sign or a % sign, after which the string can end.

Yes, except that the string must end at that point.

It's a very negative, defensive regex. In one sense it's as crude as the
test in the Dreamweaver Validate Form behavior. It doesn't attempt to
match the pattern of an email address except for checking that it
contains an @ mark (and only one). So a@b would pass, even though it's
not a valid email address.

Email header injection uses a variety of techniques, including
URL-encoding (hence the %), to insert extra headers when the email
address is used as part of the From header in a mail processing script.
The regex detects characters commonly used in injection attacks, but
which are illegal in email addresses.

--
David Powers, Adobe Community Expert
Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
Author, "PHP Solutions" (friends of ED)
http://foundationphp.com/
N
Newsgroup_UserAuthor
Inspiring
January 2, 2007
On 01 Jan 2007 in macromedia.dreamweaver.appdev, Murray *ACE* wrote:

> Can you explain how your email Pattern works, please?
>
> $pattern = '/^[^@]+@[^\s\r\n\'";,@%]+$/';

Further - this article looks like it has a decent explanation:

http://en.wikipedia.org/wiki/Perl_regular_expression_examples

--
Joe Makowiec
http://makowiec.net/
Email: http://makowiec.net/email.php
N
Newsgroup_UserAuthor
Inspiring
January 2, 2007
On 01 Jan 2007 in macromedia.dreamweaver.appdev, Murray *ACE* wrote:

> Can you explain how your email Pattern works, please?
>
> $pattern = '/^[^@]+@[^\s\r\n\'";,@%]+$/';

'' - delimit the string for PHP
// - delimit the regular expression (regex)
^ - beginning of string
[^@]+ - [] define a group; in this context, ^means not; + means at
least one of the preceding group. So the whole thing means 'At least
one character which is not an at sign'.
@ - character literal, so an at sign
[^\s\r\n\'";,@%]+ - yet another group. Again, ^ means not. "\" is
used as an escape character, as follows:
\s: whitespace (any non-character value)
\r: carriage return (0x0D)
\n: linefeed (0x0A)
\': single quote
The rest are character literals; + again means 'at least one...'
$ - end of string

So, translated into English (give or take):
Start at the beginning of a string. It has to have at least one non-@
character, then an @ sign, then at least one character which is not
whitespace, a CR, a LF, a single or double quote, a semicolon, a comma,
an @ sign or a % sign, after which the string can end.

--
Joe Makowiec
http://makowiec.net/
Email: http://makowiec.net/email.php
Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices