| Does case ever matter in an email address
Problem for form handler |
kiwibrit
msg:3768341 | 10:48 pm on Oct 17, 2008 (gmt 0) |
I want to block all AOL email addresses being entered in a form. In php it's easy enough - if (ereg("@aol\.com",$email)) {
header ('Location: http://www.example.com/toughmessage.htm');
} works well at blocking lower case email addresses. But what about someone who uses upper case? Well $email = strtolower($email);
if (ereg("@aol\.com",$email)) {
header ('http://www.example.com/toughmessage.htm');
} knocks that on the head. BUT. if I do a blanket change of all case to lower for all emails, would that ever cause problems for an email address that correctly had upper case letters in it - or in practice do all email handlers treat upper and lower case the same in email addresses? [edited by: encyclo at 12:02 am (utc) on Oct. 18, 2008]
[edit reason] fixed formatting [/edit]
|
encyclo
msg:3768386 | 12:11 am on Oct 18, 2008 (gmt 0) |
The domain name is always case-insensitive, so you have no problem with the part after the @. The part before the @ is theoretically case-sensitive - however, in practice it virtually never is. See RFC2821 [ietf.org]:
| The local-part of a mailbox MUST BE treated as case sensitive. Therefore, SMTP implementations MUST take care to preserve the case of mailbox local-parts. Mailbox domains are not case sensitive. In particular, for some hosts the user "smith" is different from the user "Smith". However, exploiting the case sensitivity of mailbox local-parts impedes interoperability and is discouraged. |
|
I think you will find that you will have no problem in switching the entire email address to lower-case, but if you want to be really careful, you could just change the domain name to lower-case.
|
kiwibrit
msg:3768470 | 7:02 am on Oct 18, 2008 (gmt 0) |
Thanks encyclo.
|
kaled
msg:3768549 | 10:35 am on Oct 18, 2008 (gmt 0) |
Surely you can perform a case-insensitive test. Failing this, simply copy the email address, convert it to lower case and test the copy. If it passes the test, use the original email address (with whatever case was supplied by the user). Kaled.
|
kiwibrit
msg:3769251 | 10:07 pm on Oct 19, 2008 (gmt 0) |
FWIW, ignoring checks for injections here, I went: $email = $_POST['email'];
$email = strtolower($email);
if (ereg("@aol\.com",$email)) {
header ('http://www.example.com/toughmessage.htm');
exit;
}
else {
$email = $_POST['email'];
etc} So more or less what you suggested.
Quckn'n'dirty - but it works.
|
Receptional Andy
msg:3769255 | 10:12 pm on Oct 19, 2008 (gmt 0) |
You can remove the strtolower function entirely and instead use eregi [php.net] which is a case insensitive version of ereg (I prefer preg_match [php.net], myself, but no matter ;)) The only code you need is: if (eregi("@aol\.com",$_POST['email'])) {
header ('http://www.example.com/toughmessage.htm');
exit;
} |
|
Anything else should be handled by the rest of your script.
|
kiwibrit
msg:3769913 | 8:21 pm on Oct 20, 2008 (gmt 0) |
Receptional Andy, much better - thanks.
|
|
|
