Hey all, I'm trying a little project to help improve my PHP and MySQL knowledge.
I'm struggling with email validation and security.
I'm looking to check if an email is valid or not before I add the ability to add it into a database.
What I have so far:
<?php
$errormsg = "";
if (isset($_POST['adduser'])) {
    $email  = mysql_real_escape_string($_POST['email']);
    $pword  = mysql_real_escape_string($_POST['pword']);
    $pword2 = mysql_real_escape_string($_POST['pword2']);
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        if ($email == "") {
            $errormsg = "Error, You must fill in the email box.";
        } else if ($pword == "") {
            $errormsg = "Error, You must fill in the password box.";
        } else if ($pword2 == "") {
            $errormsg = "Error, You must fill in the repeat password box.";
        } else if ($pword != $pword2) {
            $errormsg = "Error, Your passwords don't match!";
        } else {
            $errormsg = "Success!";
        }
    } else {
        $errormsg = "Invalid email format, please use a valid email address.";
    }
}
?>
This always outputs the error message "Error, You must fill in the email box" now; however, without the FILTER_VALIDATE_EMAIL it outputs success when all boxes are filled in.
Anyone got any help on a) what's going wrong and b) any other security features I can add?
Thanks!
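
An added example, not part of the original post: in the posted snippet the `!filter_var(...)` test is inverted, so the field checks run only when the address is rejected, and `mysql_real_escape_string()` returns false when no database connection is available. The sketch below validates the raw input first, then stores it with a PDO prepared statement and `password_hash()`; the `users` table, its columns, the function names and the in-memory SQLite DSN are assumptions made so it runs offline.

```php
<?php
declare(strict_types=1);

// Validate the raw POST values. Escaping is not validation, and it is not
// needed once the INSERT uses bound parameters.
function validateSignup(array $post): array
{
    $email  = trim((string)($post['email'] ?? ''));
    $pword  = (string)($post['pword'] ?? '');
    $pword2 = (string)($post['pword2'] ?? '');

    if ($email === '')  return [false, 'Error, You must fill in the email box.'];
    if ($pword === '')  return [false, 'Error, You must fill in the password box.'];
    if ($pword2 === '') return [false, 'Error, You must fill in the repeat password box.'];
    // filter_var() returns the address on success and false on failure.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return [false, 'Invalid email format, please use a valid email address.'];
    }
    if ($pword !== $pword2) return [false, "Error, Your passwords don't match!"];
    return [true, $email];
}

// Store the user with a prepared statement and a salted password hash.
function addUser(PDO $db, string $email, string $pword): void
{
    $stmt = $db->prepare('INSERT INTO users (email, pword_hash) VALUES (:email, :hash)');
    $stmt->execute([':email' => $email, ':hash' => password_hash($pword, PASSWORD_DEFAULT)]);
}

// Assumption: in-memory SQLite so the example runs offline; use a mysql: DSN for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT UNIQUE NOT NULL, pword_hash TEXT NOT NULL)');

// Constructed sample submissions standing in for $_POST.
$samples = [
    ['email' => '', 'pword' => 'a', 'pword2' => 'a'],
    ['email' => 'not-an-email', 'pword' => 'a', 'pword2' => 'a'],
    ['email' => "o'brien@example.com", 'pword' => 'correct horse', 'pword2' => 'correct horse'],
];
foreach ($samples as $post) {
    [$ok, $result] = validateSignup($post);
    if ($ok) {
        addUser($db, $result, $post['pword']); // a quote in the value is bound as data
        $result = 'Success!';
    }
    echo $result, PHP_EOL;
}
echo 'rows stored: ', $db->query('SELECT COUNT(*) FROM users')->fetchColumn(), PHP_EOL;
```

At login, compare the submitted password against the stored hash with `password_verify()` rather than re-hashing and comparing strings.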