PHP email validation with filter_var() and preg_match()

Question

I am trying to build a form with good email validation, I am trying to use filter_var() combined with preg_match() , but with my if statement below it isn't working. Only one of the conditions is being met it seems. How else could I write this so that it works?

$email = (isset($scrubbed['email']))
    ? filter_var($scrubbed['email'], FILTER_VALIDATE_EMAIL, FILTER_SANITIZE_EMAIL)
    : NULL
;

if ((!$email) && (!preg_match("/^[\w.-]+@[\w.-]+\.[A-Za-z]{2,6}$/", $email))) {
    echo 'Invalid Email Address, please correct errors';
} else {
    $email = strip_tags($scrubbed['email']);
}

Answer 1

What's the purpose of validating the email address again? PHP's filter_var() already allows all kinds of email variations and you'll possibly never create a regular expression that's even close to the one they use.

The email validation I use looks like the following (applied to your code):

<?php

if (isset($scrubbed["email"])) {

    // @see http://stackoverflow.com/a/574698/1251219
    if (strlen($scrubbed["email"]) > 254) {
        echo "The email address is too long: it must be 254 or less.";
    }

    // Validate syntax with PHP.
    if (($email = filter_var($scrubbed["email"], FILTER_VALIDATE_EMAIL)) === false) {
        echo "The email address has an invalid syntax.";
    }

    // Validate DNS reachability.
    $host = substr($email, strrpos($email, "@") + 1) . ".";

    if (!checkdnsrr($host, "A") && !checkdnsrr($host, "AAAA") && !checkdnsrr($host, "MX")) {
        echo "The email address is unreachable.";
    }
}

?>

Ever wondered what PHP's regular expression looks like?

/^(?!(?:(?:\x22?\x5C[\x00-\x7E]\x22?)|(?:\x22?[^\x5C\x22]\x22?)){255,})(?!(?:(?:\x22?\x5C[\x00-\x7E]\x22?)|(?:\x22?[^\x5C\x22]\x22?)){65,}@)(?:(?:[\x21\x23-\x27\x2A\x2B\x2D\x2F-\x39\x3D\x3F\x5E-\x7E]+)|(?:\x22(?:[\x01-\x08\x0B\x0C\x0E-\x1F\x21\x23-\x5B\x5D-\x7F]|(?:\x5C[\x00-\x7F]))*\x22))(?:\.(?:(?:[\x21\x23-\x27\x2A\x2B\x2D\x2F-\x39\x3D\x3F\x5E-\x7E]+)|(?:\x22(?:[\x01-\x08\x0B\x0C\x0E-\x1F\x21\x23-\x5B\x5D-\x7F]|(?:\x5C[\x00-\x7F]))*\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-[a-z0-9]+)*\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-[a-z0-9]+)*)|(?:\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9][:\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\]))$/iD

More info can be found at Comparing E-mail Address Validating Regular Expressions .

Answer 2

if ((!$email) && (!preg_match("/^[\w.-]+@[\w.-]+\.[A-Za-z]{2,6}$/", $email)))

should be

if ((!$email) || (!preg_match("/^[\w.-]+@[\w.-]+\.[A-Za-z]{2,6}$/", $email)))

...