The following regex pattern (for PHP) is meant to validate any email address:
^[\w.-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}$
It says: "match at least one (or more) of upper- and/or lower-case letters, and/or periods, underscores and/or dashes followed by one and only one @ followed by at least one (or more) of upper- and/or lower-case letters, and/or periods, and/or underscores followed by one and only one period followed by two to six upper- and/or lower-case letters.
This seems to match any email address I can think of. Still, this feeling of getting it right is probably deceptive. Can someone knowledgeable please point out an obvious or not-so-obvious vulnerability in this pattern that I'm not aware of, which would make it not perform the email validation the way it's meant to?
(To foresee a possible response, I'm aware that filter_var() function offers a more robust solution, but I'm specifically interested in the regular expression in this case.)
NOTE: this is a theoretical question about PHP flavor of regex, NOT a practical question about validating emails. I merely want to determine the limitations of what is reasonably possible with regex in this case.
Thank you in advance!
Using regular expression to validate emails is tricky
Try the following email as an input to your regex ie:^[\w.-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}$
You can read more about email regex validation at http://www.regular-expressions.info/email.html
If you are doing this for an app then use email validation by sending an email to the address provided rather than using very complex regex.