Email Validation in PHP
A very common need in PHP-based Web applications is to validate email addresses. An email address, at its most basic, contains the @ and a dot and no spaces or special characters, so it's pretty easy to come up with a regular expression that fits this simplest restriction. However, a full-on precise regular expression takes an immense amount of code (the full email validation pattern takes up almost a page of code). An alternative, then, is to use the EmailAddressValidator class, created by Added Bytes and now hosted on Google Code.
After you’ve downloaded the code and put it on your server, you use it like so:
require('/path/to/EmailAddressValidator.php');
$emailValidator = new EmailAddressValidator();
if ($emailValidator->check_email_address('test@example.org')) {
    // Email address is technically valid.
} else {
    // Email not valid.
}
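To see how far the "most simple restriction" falls short, the following added example (not code from the original post or from the EmailAddressValidator project) runs a simple pattern and a stricter check side by side over constructed inputs. The stricter check swaps in PHP's built-in filter_var() rather than the class above; the function names and sample addresses are assumptions made for illustration.

```php
<?php
// Added example. Function names and sample inputs are hypothetical/constructed.

// The simple restriction from the text: an @, a dot, no whitespace.
// Note: without the D modifier, "$" also matches just before a trailing newline.
function looks_like_email_simple(string $input): bool
{
    return preg_match('/^[^\s@]+@[^\s@]+\.[^\s@]+$/', $input) === 1;
}

// Stricter check: refuse control characters and overlong input first,
// then defer to PHP's built-in email filter (not the EmailAddressValidator class).
function is_acceptable_email(string $input): bool
{
    // Control characters (including CR and LF) must never reach a mail header.
    if (preg_match('/[\x00-\x1F\x7F]/', $input) === 1) {
        return false;
    }
    // 254 characters is the practical upper bound for a deliverable address.
    if (strlen($input) > 254) {
        return false;
    }
    return filter_var($input, FILTER_VALIDATE_EMAIL) !== false;
}

// Constructed sample inputs.
$samples = [
    'test@example.org',
    "test@example.org\n",        // trailing newline
    'first..last@example.org',   // consecutive dots in the local part
    'user@-example.org',         // label starting with a hyphen
    'no-at-sign.example.org',
];

foreach ($samples as $sample) {
    printf(
        "%-28s simple=%-5s strict=%s\n",
        json_encode($sample),
        looks_like_email_simple($sample) ? 'pass' : 'fail',
        is_acceptable_email($sample) ? 'pass' : 'fail'
    );
}
```

Run it with the PHP command-line interpreter; any row where the two columns disagree is an input the simple pattern alone would have accepted.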
Security is Next to Godliness
I’ve been trying to write more about Web development security lately, in part because I’m going to be writing an “E-Commerce with PHP and MySQL” book this summer, so security is at the top of my mind. In a previous post, I made some suggestions as to how one develops and tests a site from a security perspective. Here I want to cover security as a general philosophy, so you understand the approach I take (and, therefore, the approach I would recommend you take). When I explain things, I think in terms of analogies. I’m pretty sure they don’t always work or help, but still, it’s what I do. And the analogy I have for Web site (or application) security is: Security is Next to Godliness. Which is to say, think of security the way you might think about cleanliness.
A Simple Approach to Site Security
There are two kinds of security that Web sites, applications, and operating systems can provide: perceived security and actual security. Perceived security is still important, because that’s what convinces users that it’s safe to, for example, provide their personal information to your Web site. But actual security is the key. Think of it as the difference between having a sign in front of your house saying it’s protected by a security system and actually having a security system. But if you’re anything like me, you’ve never tried to hack someone’s Web site and aren’t generally inclined to think like a person who would, so how do you make your sites secure? Here’s what I do…