I am a PHP programmer. Quite a seasoned developer if I say so myself. I have a background in computer science and have been doing commercial programming for almost 5 years now. So I have learnt a lot about programming and programming for the web. One of the things I love in an application is clean data. So that means trying to make sure no garbage data gets into your database. To do there are a lot of things you can do.
One example of this is email validation. On the surface email validation a simple task. Take the email address your user has typed in, apply some tests to it and make sure it’s valid. One of the ways to do this is with regular expressions. As with any data filtering or data filtering task, you can do something basic or you can try to cater for all cases. To give you an example of the complexity of email filtering, lets break down the parts of an email address. An email address consists of 3 parts: the user name, the @ symbol and the domain name. Simple enough. But to what extent do you want to make sure it’s clean? The most basic option is to check that it has those parts in the correct order. A level up from that is to do the previous check and then check that the user name contains only valid email address characters. From that you could also check that that the domain name is made up of two or more part separated by a dot. A step up from that is to do the previous three checks and check that domain has a valid domain extension. One up from that is to do all previous checks and then also check that the domain actually exists and resolves. This is all I am aware of but there might be additional checks you can do.
So anyways for simplicity sake lets just say you want to check the format is correct, the user name has valid characters and the domain name is made up of two or more parts. All of this could be achieved with a regular expression.
If you use PHP as I do, you could easily find a bit of code for this on the internet, hundreds maybe thousands of different iterations of code all claiming to do the same thing: Validate an email address.
The only problem is, I don’t trust source code found on individual’s pages on the web. I don’t know that user’s credentials. I don’t know what he knows, I don’t know what sources he used to build that code. Or if he used sources at all. And because it’s something that is seemingly so simple, it’s easy to not do it correctly. Unless it is a trusted library or comes from a person who I know to be of a specific standard, I won’t use that code. Otherwise, I want to be able to see the references used so that if it comes to it I can check that it claims to do what it says it does. If those references are there my test need to be even more rigorous than I would need for trusted components, meaning that I might as well have written it myself.
I noticed myself doing this the other day. Just a little tech… sigh… Tired of writing now. Guess I won’t be doing what little spell / sanity check I usually do.