Hi,

I have a password reset form and a user can enter either there username or email in one text box.

One problem i am having is with validating the data.

I have a username regex function that works fine to validate username and uses php's inbuilt FILTER_VALIDATE_EMAIL.

Basically when a user submits form i want it to validate against the username regex OR php's filter_validate_email.

My validation code is this:

if (!preg_match(constant("USERNAME_REGEX"), $username_email) || !filter_var($username_email , FILTER_VALIDATE_EMAIL)) {
$error .= "Username/Email invalid format <br />";
}

Problem i am having is if i enter a valid email or valid username i still get the error shown in code above.

I am not sure what i can do. Can anyone suggest anything? I guess it's because i am asking PHP to validate it against two things that are conflicting with each other.

I wanted to validate it like this to avoid malicious submissions as i use regex validations throughout my site with other things like mysql_escape_string() etc.

I can only think of creating a regular expression combining the username pattern and a email pattern in one but i not got a clue about creating a regex pattern to validate an email.

My username regex is this:

// username regular expression
define('USERNAME_REGEX', '/^[a-z][\w\.\*\-\_]{2,14}$/i');

I know there are many email reg patterns online but don't know which ones are best and work as they should. Plus some are overly complex.

Thanks
PHPLOVER

My opinion is that you should just mysql_real_escape_string() the input and that's all. Proceed with looking up for DB.

Hi,

I do use mysql_real_escape_string() aswell but to what i have learnt over past year or so it should not be relied upon on it's own as i here it's still easy to perform malicious queries etc even using mysql_real_escape_string(); .

Maybe someone can clairfy that ?

Thanks
PHPLOVER

I don't see how validating the input will help but if your username 'rule' and email 'rule' is different, you will definitely fail if there's only 1 input.

You can
- include a radio button for user to indicate what he is submitting (and perform the validation)
- check for '@': if '@' is present, do a email validation else username validation.

Thanks Javvy will do either one of those you posted.

Thanks
PHPLOVER