Web & game design services from Leeds, Yorkshire
Web & game design services from Leeds, Yorkshire
Published Tuesday 10th December 2013
When handling form submissions that ask for a visitors email address, such as a registration form or mailing list sign-up, it's a good idea to verify those addresses. At the very least, you should check that the entered text is in the correct format for an email address, usually via regular expressions. Ideally, you should also check that the domain part of the address is a real mail server. To do this you can use the checkdnsrr() function of PHP. If the function returns a valid MX record, you can be sure that there's a real mail server on that domain.
Unfortunately IIS servers didn't have a checkdnsrr() function until PHP version 5.3 and many administrators haven't yet upgraded from the 5.2 series. Fear not, you can copy + paste the below to replicate this function!
if(!function_exists('checkdnsrr')) {
function checkdnsrr($host, $record = 'MX') {
if(!empty($host) && !empty($record)) {
exec("nslookup -type=$record $host", $res);
foreach ($res as $val) {
if(stristr($val, $host))
return true;
}
}
return false;
}
}
Ric is a senior web and game programmer with nearly 30 years industry experience and countless programming languages in his skillset. He's worked for and with a number of design and development agencies, and is the proprietor of QWeb Ltd. Ric is also a Linux server technician and an advocate of free, open-source technologies. He can be found on Mastodon where he often posts about the projects he's working on both for and outside of QWeb Ltd, or you can follow and support his indie game project on Kofi. Ric also maintains our Github page of useful scripts.
Blog posts are written by individuals and do not necessarily depict the opinions or beliefs of QWeb Ltd or its current employees. Any information provided here might be biased or subjective, and might become out of date.
Mary Grant, Wednesday 11th December 2013 08:02
Should that go on server here as part of picturepostbox as I get loads of spam (about 500 week). Would that stop the spoof e-mail addresses?
Ric, Wednesday 11th December 2013 09:40
It would definitely reduce the number of fake sign-ups but probably not general spam, unless it’s all going through the on-site contact form.
Your email address is used to notify you of new comments to this thread, and also to pull your Gravatar image. Your name, email address, and message are stored as encrypted text. You won't be added to any mailing list, and your details won't be shared with any third party.