Validate email address form submit

Question

I've got a simple form that enables users to enter a promotional code and email address to be signed up to an email as follows. But at present it doesn't validate the email correctly.

There is an include file doreferral.asp that; Checks to see if the code they entered exists in a table of promotional codes and also Checks to see if the email address already exists.

I have added emailValidate to check to see if the email address is valid and if not, and then tell the user in the <%=sys_message%>.

However, it's currently stopping genuine emails so the validation isn't working. :S

My doreferral.asp looks like this;

<%
    Code            = replace(request.Form("Code"),"'","")
    Email       = replace(request.Form("Email"),"'","")

    sys_message = ""
    submission = ""

    ''//Check the submitted code against existing ones in the database
    set conn = server.CreateObject("ADODB.connection")
    conn.open(application("DATABASE"))
    qs = "SELECT COUNT(AgentReferralCode) AS 'CountCodes' FROM Customers WHERE AgentReferralCode = '" & Code & "'"
    set rs = conn.Execute(qs)

    CountCode = rs("CountCodes")

    set rs = nothing
    conn.close
    set conn = nothing

    If(CountCode < 1) Then
        sys_message = sys_message & "<p class='err'>The agent code does not exist.</p>"
    End If

''//Check to see if the email address is valid
Dim emailValidate
emailValidate = 0 'Initializing goby to 0

''//if the len is less than 5 then it can't be an email
''//(i.e.: [email protected]) 
If Len(session("Email")) <= 5 Then
   emailValidate = 1
End If

If InStr(1, session("Email"), "@", 1) < 2 Then
    'If we find one and only one @, then the
    'email address is good to go.
    emailValidate = 1
Else
    If InStr(1,session("Email"), ".", 1) < 4 Then
        'Must have a '.' too
         emailValidate = 1
    End If
End If

If emailValidate <> 0 then 
    sys_message = sys_message & "<p class='err'>The email address is not valid.</p>"
End If

    ''//Check the submitted email against existing ones in the database
    set conn = server.CreateObject("ADODB.connection")
    conn.open(application("DATABASE"))
    qs = "SELECT COUNT(ReferredEmail) AS 'Count' FROM TenantReferral WHERE ReferredEmail = '" & Email & "'"
    set rs = conn.Execute(qs)

    countEmail = rs("Count")

    set rs = nothing
    conn.close
    set conn = nothing

    If(countEmail >= 1) Then
        sys_message = sys_message & "<p class='err'>This email address has already been referred.</p>"
    End If  

    ''//Only Process the SQL if there is no sys_message
    If(sys_message = "") Then

        SQLfields = SQLfields & "ReferredCode, "
        SQLvalues = SQLvalues & "'"& Trim(Code) &"', "
        SQLfields = SQLfields & "ReferredEmail"
        SQLvalues = SQLvalues & "'"& Trim(Email) &"'"

        SQL = SQL & "INSERT into TenantReferral ("& SQLfields &") VALUES ("& SQLvalues &")"
        'response.Write(SQL)

        set conn = server.CreateObject("ADODB.connection")
        conn.open application("DATABASE")
        SET rs = conn.execute(SQL)

        [Send email code]


        sys_message = sys_message & "<p class='ok'>Thank you for your referral.</p>" 
        submission = "ok"
        'response.Redirect("referral.asp")
    End If
%>

I wondered if anyone might be able to help debug the emailValidate functionality to check if the email address is valid?

Thank you.

Answer 1

Something like this does basic regex validation. You can get fancier and do dns lookups but for most purposes this is enough:

  Function validate(eaddr)
  dim isValidE
  dim regEx

  isValidE = True
  set regEx = New RegExp

  regEx.IgnoreCase = False

  regEx.Pattern = "^[-+.\w]{1,64}@[-.\w]{1,64}\.[-.\w]{2,6}$"
  isValidE = regEx.Test(eaddr)

  validate= isValidE
  End Function

Regex borrowed from here: http://tiffanybbrown.com/2006/12/12/a-better-regex-pattern-for-matching-e-mail-addresses/