I have a password reset form and a user can enter either there username or email in one text box.

One problem i am having is with validating the data.

I have a username regex function that works fine to validate username and uses php's inbuilt FILTER_VALIDATE_EMAIL.

Basically when a user submits form i want it to validate against the username regex OR php's filter_validate_email.

My validation code is this:

if (!preg_match(constant("USERNAME_REGEX"), $username_email) || !filter_var($username_email , FILTER_VALIDATE_EMAIL)) {
$error .= "Username/Email invalid format <br />";

Problem i am having is if i enter a valid email or valid username i still get the error shown in code above.

I am not sure what i can do. Can anyone suggest anything? I guess it's because i am asking PHP to validate it against two things that are conflicting with each other.

I wanted to validate it like this to avoid malicious submissions as i use regex validations throughout my site with other things like mysql_escape_string() etc.

I can only think of creating a regular expression combining the username pattern and a email pattern in one but i not got a clue about creating a regex pattern to validate an email.

My username regex is this:

// username regular expression
define('USERNAME_REGEX', '/^[a-z][\w\.\*\-\_]{2,14}$/i');

I know there are many email reg patterns online but don't know which ones are best and work as they should. Plus some are overly complex.


Edited by phplover: n/a

6 Years
Discussion Span
Last Post by phplover

My opinion is that you should just mysql_real_escape_string() the input and that's all. Proceed with looking up for DB.

Edited by Javvy: n/a



I do use mysql_real_escape_string() aswell but to what i have learnt over past year or so it should not be relied upon on it's own as i here it's still easy to perform malicious queries etc even using mysql_real_escape_string(); .

Maybe someone can clairfy that ?



I don't see how validating the input will help but if your username 'rule' and email 'rule' is different, you will definitely fail if there's only 1 input.

You can
- include a radio button for user to indicate what he is submitting (and perform the validation)
- check for '@': if '@' is present, do a email validation else username validation.


Thanks Javvy will do either one of those you posted.


This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.