Blog
Validating an email address in ASP using a regular expression
22 September 2006
Users of websites can be a pain in the backside. They either don't know their own email address, can't type it in properly, or sometimes would rather not enter it onto a system so they put "no way" or something less polite into a form instead.Its good to be able to validate these email addresses to spot typos by users. Its not possible to validate that the email address actually exists, or belongs to the person filling in the form at this stage (if we need to do that we send them an email with a link they must click to confirm they received the mail). But being able to spot a typo in the email address will enable a user to correct it before it enters the system. We also have the added security of filtering out any possible hacks they might attempt by entering a malformed email address.
ASP supports "regular expressions" using a component called RegExp. Regular expressions are a standard way of notating rules for validating a string. For example you could use a regular expression to remove HTML from submitted text, or to check for the presence of certain words.
We started by using this regular expression, which served us well for quite a time.
^[\w-\.]{1,}\@([\da-zA-Z-]{1,}\.){1,}[\da-zA-Z-]{2,6}$
It attempts to describe the permitted syntax of an email address. It will disallow common mistakes like the presence of spaces, or lack of an @ character.
Recently we had a client inform us that a candidate with an apostrophe in their email address who was attempting to sign up on his site was being told that the address was not valid. Despite apostrophes not being permitted in domain names (and hence the part of an email address after the @ character), apostrophes ARE permitted in the local part of the email address. Such names are common in Ireland, and in Europe:- O'Connor, O'Brien, D'Costa, etc. So an address like paddy.o'brien@madeupdomain.com is perfectly valid.
The permitted syntax of email address is defined in a document called RFC822. A perfect regular expression complies with RFC822 precisely - but unfortunately it runs to 6343 characters (see RFC822 regex).
Since our previous regular expression had been perfectly adequate, save for the problem with apostrophes, we searched for a more concise solution, and found another on BreakingPar.com. This was in javascript, but a couple of small modifications (a different way of escaping the double quote character) enable its use in ASP.
Note this code should be on one single line.
^(([^<>()[\]\\.,;:\s@""]+(\.[^<>()[\]\\.,;:\s@""]+)*)|("".+""))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$"
This code can be used to construct a simple function in ASP vbscript for validation of an email address. It returns True if the email is valid, otherwise it returns False.
'-----------------------------------------------
'CHECK IS VALID EMAIL ADDRESS FORMAT
'-----------------------------------------------
Function CheckIsEmail(strEmailAddress)
Dim regEx, retVal
Set regEx = New RegExp
'# note the regex below must be on one single line
'# it is shown wrapped on this web page
regEx.Pattern ="^(([^<>()[\]\\.,;:\s@""]+(\.[^<>()[\]\\.,;:\s@""]+)*)|("".+""))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$"
regEx.IgnoreCase = true
blnReturnValue = regEx.Test(strEmailAddress)
CheckIsEmail = blnReturnValue
End Function
Using this function won't stop people claiming they are bill@microsoft.com. But it will catch small silly typos that users often make, and then later wonder why they aren't getting the emails from your system that they expected. And it won't exclude our Irish and continental friends either.