PHP Error Problem Options

[Mikeplyts]

So, I'm setting up a form for a user to change their e-mail address. However, there seems to be a conflict with the validation checking and the confirmation checking.

CODE

<?php
$email = $_POST['email'];
$confirm = $_POST['confirm'];

if (count($_POST) > 0) {
    if (!$email) $error = 'Please fill in your e-mail address.';
    else if (!$confirm) $error = 'Please retype your e-mail address.';
    else if ($confirm != $email) $error = 'Please make sure to retype your e-mail address correctly.';
    else if ((!$email == '' && (strstr($email, '@') || strstr($email, '.'))) || (!$confirm == '' && (strstr($confirm, '@') || strstr($confirm, '.')))) $error = 'Please use a valid e-mail address.';
    else {
        update('email');
        $to = $email;
        $subject = 'Your e-mail has been updated.';
        $message = 'Your e-mail address has been successfully changed.';
        $from = 'From: noreply@domain.com';
        mail($to, $subject, $message, $from);
        $error = '';
    }
}

else $error = '';
?>

$error is just echoed later in the page's markup, and update('email') is just a function I defined to update the MySQL database so it wouldn't really have anything to do with my problem. Anyhow, there seems to be some kind of issue between lines 8 and 9 (or 10, if you want to be technical). So, whenever I test it, I try to see if the validation works if the confirmation is correct. For example, I would type "test" in the email field, as well as in the confirm field. That would mean that the confirmation is correct, but for some reason, the validation doesn't do as it should (it should check to see if there's an @ symbol and a period, and if not, produce an error). And since "test" isn't considered a valid e-mail address, it should produce an error, but it doesn't.

I've tried switching the position of the codes, but nothin'. I even tried separating the validation checking code to check for just the email field, and another line for just the confirm field, but no dice. Hell, I even used all if statements. I'm kind of boggled, and some help would be appreciated.

Thanks.

[mipadi]

My PHP-fu is a bit rusty, but I think the issue is with your conditional, specifically this line:

CODE

!$email == ''

(And the equivalent line for $confirm.)

It seems that you want to make sure $email is not the empty string. However, the ! operator has higher-precedence than ==, so what you really wrote is this:

CODE

(!$email) == ''

Which translates to

CODE

false == ''

Which is always false.

What you want is this:

CODE

!($email == '')

But you can just use the not-equals operator to do that:

CODE

$email != ''

I'd fix that and see what happens.

[Mikeplyts]

Didn't seem to work, but I fixed it by just checking for the $email field since it gives an error if the confirmation doesn't match anyway. Oh, and, I gave both strstr() functions an ! operator. So:

CODE

    else if (!$email = '' && (!strstr($email, '@') || !strstr($email, '.'))) $error = 'Please use a valid e-mail address.';

Which works perfectly. Thanks anyway.

[fixtatik]

I'd just use a simple regex check:

CODE

if(!preg_match('~^.+?@[\w\.-]+\.[a-z]{2,4}$~', $email)) $error = 'Please use a valid e-mail address.';

It's not perfect, but to completely validate an email address, you'd need a nasty expression, since "hello world"@example.com and hello\@world@example.com are both valid.

[Mikeplyts]

Oh, true true. Thanks.