PHP RegEx:在电子邮件验证模式中查找漏洞 [英] PHP RegEx: Find Vulnerability Within Email Validation Pattern
问题描述
以下正则表达式模式(适用于PHP)用于验证任何电子邮件地址:
The following regex pattern (for PHP) is meant to validate any email address:
^[\w.-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}$
它说:匹配至少(一个或多个)大写和/或小写字母和/或句点,下划线和/或破折号后跟一个,只有一个@ ,然后是至少一个(或多个)大写和/或小写字母,和/或句号和/或下划线随后是一个且只有一个句点,然后是两到六个大写和/或小写字母。
It says: "match at least one (or more) of upper- and/or lower-case letters, and/or periods, underscores and/or dashes followed by one and only one @ followed by at least one (or more) of upper- and/or lower-case letters, and/or periods, and/or underscores followed by one and only one period followed by two to six upper- and/or lower-case letters.
这似乎与我能想到的任何电子邮件地址匹配。不过,这种正确处理的感觉可能是欺骗性的。能否向有知识的人士指出这种模式中我不知道的明显或不太明显的漏洞,这将使其无法按照预期的方式执行电子邮件验证?
This seems to match any email address I can think of. Still, this feeling of getting it right is probably deceptive. Can someone knowledgeable please point out an obvious or not-so-obvious vulnerability in this pattern that I'm not aware of, which would make it not perform the email validation the way it's meant to?
(预见可能的解决方案ponse,我知道filter_var()函数提供了更强大的解决方案,但在这种情况下,我对正则表达式特别感兴趣。)
(To foresee a possible response, I'm aware that filter_var() function offers a more robust solution, but I'm specifically interested in the regular expression in this case.)
注意:这是有关正则表达式PHP风格的理论性问题,而不是有关验证电子邮件的实际问题。我只想确定在这种情况下使用正则表达式的合理限制。
NOTE: this is a theoretical question about PHP flavor of regex, NOT a practical question about validating emails. I merely want to determine the limitations of what is reasonably possible with regex in this case.
谢谢!
推荐答案
使用正则表达式进行验证电子邮件很棘手
Using regular expression to validate emails is tricky
尝试以下电子邮件作为正则表达式的输入,即: ^ [\w .-] + @ [A-Za -z0-9 .-] + \。[A-Za-z] {2,6} $
Try the following email as an input to your regex ie:^[\w.-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}$
abc @ b ... com
您可以在 http://www.regular-expressions.info/email.html
如果您是针对某个应用执行此操作,则可以通过向提供的地址发送电子邮件来使用电子邮件验证,而不要使用非常复杂的正则表达式。
If you are doing this for an app then use email validation by sending an email to the address provided rather than using very complex regex.
这篇关于PHP RegEx:在电子邮件验证模式中查找漏洞的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
