Jump to content
  • Checkout
  • Login
  • Get in touch


The e-commerce.

emails can contain a ! --why?


Recommended Posts

i just had a few bouncebacks from order confirmation messages from customers.. because they did this:

[email protected]


as far as i know, you cannot register an email anywhere with a ! in it, but i tested my shop, and http://demo.oscommerce.com and yet i'm still allowed to pass through checkout.


i've tried adding something like:

return preg_replace("/[^a-zA-Z0-9s,]/", "", $valid_address);


to includes/functions/validations.php... but the email still passes through as being valid. any idea how to filter this?

Link to comment
Share on other sites

It may not be a customer oriented problem but could be a Base Encoding setting problem for mail in PHP.


We had a problem like this when using a WYSIWYG Editor for composing emails. After x number of characters and spaces it inserted an ! mark into the text of the email. We adjusted the mail settings in the code to Base64 and the ! marks disappeared.


But if it is people doing this then just delete their accounts, because you don't make that sort of mistake by accident - you have to hit the Shift Key and the number 1 to produce an exclamation mark.



Link to comment
Share on other sites

it never happens on my end, it's always a turd that adds extra characters to their address during registration (like you explained). i completely understand why they do it (a lot of stores i've purchased from in the past send me unwanted emails all the time) ... but i'd still like to lessen their chance of doing this by only allowing letters, numbers and dashes in an email address.


i'm not sure why the stock oscommerce even allows non alphanumeric junk in there.

Link to comment
Share on other sites

You are right.


The "stock" validations misses this.


This may be just a band-aid, but just under this line in the function:


	  // validate user

I placed this code:


	  if ( strstr($user,'!') ) {
	$valid_address = false;

And it returns false.


One reason they may be typing it is they're hitting <shift>1 instead of <shift>2 (the @ sign)

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.


"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -


"Headers already sent" - The definitive help


"Cannot redeclare ..." - How to find/fix it


SSL Implementation Help


Like this post? "Like" it again over there >

Link to comment
Share on other sites

that did the trick, thanks germ :)


how can i also strip "www." from email addresses too.

at least 2 times a week i have somebody sign up with an email address like this, and it bounces every time.


i tried:

if ( strstr($user,'!'|| 'www.') ) {


but it didn't work.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...