CodeSOD: Where is the Validation At?


The Daily WTF

As oft stated, the “right” way to validate emails is to do a bare minimum sanity check on format, and then send a verification message to the email address the user supplied; it’s the only way to ensure that what they gave you isn’t just syntactically valid, but is actually usable.

But even that simple approach leaves places to go wrong. Take a look at this code, from Lana.

```php
public function getEmailValidationErrors($data): array
{
    $errors = [];
    if (isset($data["email"]) && !empty($data["email"])) {
        if (!str_contains($data["email"], "@")) {
            $error["email"] = "FORM.CONTACT_DETAILS.ERRORS.NO_AT";
        }
        if (!str_contains($data["email"], ".")) {
            $error["email"] = "FORM.CONTACT_DETAILS.ERRORS.NO_DOT";
        }
        if (strrpos($data["email"], "@") > strrpos($data["email"], ".")) {
            $error["email"] = "FORM.CONTACT_DETAILS.ERRORS.NO_TLD";
        }
    }
    if (isset($data["email1"]) && !empty($data["email1"])) {
        if (!str_contains($data["email1"], "@")) {
            $error["email1"] = "FORM.CONTACT_DETAILS.ERRORS.NO_AT";
        }
        if (!str_contains($data["email1"], ".")) {
            $error["email1"] = "FORM.CONTACT_DETAILS.ERRORS.NO_DOT";
        }
        if (strrpos($data["email1"], "@") > strrpos($data["email1"], ".")) {
            $error["email1"] = "FORM.CONTACT_DETAILS.ERRORS.NO_TLD";
        }
    }
    if (isset($data["email2"]) && !empty($data["email2"])) {
        if (!str_contains($data["email2"], "@")) {
            $error["email2"] = "FORM.CONTACT_DETAILS.ERRORS.NO_AT";
        }
        // The source excerpt is cut off inside this block; the remaining two
        // checks and the closing return follow the pattern of the blocks above.
        if (!str_contains($data["email2"], ".")) {
            $error["email2"] = "FORM.CONTACT_DETAILS.ERRORS.NO_DOT";
        }
        if (strrpos($data["email2"], "@") > strrpos($data["email2"], ".")) {
            $error["email2"] = "FORM.CONTACT_DETAILS.ERRORS.NO_TLD";
        }
    }
    // Note: every branch above writes into $error, while $errors is what is returned.
    return $errors;
}
```
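For contrast, here is the same validator with the result array actually returned and the format check kept to the bare minimum the opening paragraph calls for, followed by the step that does the real work: recording a token for a verification message. This is added example code, not Lana's or the article's; `filter_var()` with `FILTER_VALIDATE_EMAIL` is swapped in for the hand-rolled "@" and "." checks, `newVerificationRecord` is a hypothetical helper standing in for whatever stores the token, and the sample submission is constructed.

```php
<?php
declare(strict_types=1);

// One loop over the field names, one result array, and the array that is
// filled is the array that is returned.
function getEmailValidationErrors(array $data, array $fields = ['email', 'email1', 'email2']): array
{
    $errors = [];
    foreach ($fields as $field) {
        $value = trim((string) ($data[$field] ?? ''));
        if ($value === '') {
            continue; // blank optional field: nothing to check
        }
        // Bare-minimum syntax check; anything deeper is the verification mail's job.
        if (filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
            $errors[$field] = 'FORM.CONTACT_DETAILS.ERRORS.INVALID';
        }
    }
    return $errors;
}

// Hypothetical helper: the record to store beside the address before sending
// the verification link. The mail transport itself is out of scope here.
function newVerificationRecord(string $email, int $ttlSeconds = 3600): array
{
    return [
        'email'   => $email,
        'token'   => bin2hex(random_bytes(32)), // unguessable, single use
        'expires' => time() + $ttlSeconds,
    ];
}

// Constructed sample submission: one well-formed address, one malformed, one blank.
$submitted = ['email' => 'alice@example.com', 'email1' => 'bob@@example', 'email2' => ''];
$errors = getEmailValidationErrors($submitted);

if ($errors !== []) {
    print_r($errors); // the caller now actually sees which field failed
} else {
    foreach (['email', 'email1', 'email2'] as $field) {
        if (($submitted[$field] ?? '') !== '') {
            $record = newVerificationRecord($submitted[$field]);
            // send the verification link carrying $record['token'] here
        }
    }
}
```

Running the original validator on the same `$submitted` array returns `[]` for every input, because nothing ever reaches `$errors`; a static analyser flagging the undefined `$error` would have caught that before any user did.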
