Now, what happens if we test a string with a newline character in it? As it turns out, this is exactly what we've asked the regex to match, but we didn't want this behaviour. someone can have a username with a newline in it." For starters this will probably display weirdly anywhere you use their username, but more importantly it opens your application to an injection attack.
See the URL Standard if you’re looking to parse URLs in the same way that browsers do.
Assume that this regex will be used for a public URL shortener written in PHP, so URLs like shouldn’t pass (even though they’re technically valid).
This is to verify that I actually own that email address before my account is activated.
Also, single weird leading and/or trailing characters aren’t tested for. Think about it this way: I register for your website under the email address . That’s probably going to bounce off of the illustrious mail daemon, but the formatting is fine; it’s a valid email address.To fix this problem, you implement an activation system where, after registering, I am sent an email with a link I must click.Here are some simple steps to make the process more secure.If the purpose of registration is to confirm that the person exists, and that they have supplied a valid email address, then as part of the registration processe you a should either email them a random password or a confirmation token rather than letting them choose their own password and use it immediately.
They can get ridiculously convoluted as in the case above and, according to the specification, are often too strict anyway.