Why are people using regexp for email and other complex validation?

Question

There are a number of email regexp questions popping up here, and I'm honestly baffled why people are using these insanely obtuse matching expressions rather than a very simple parser that splits the email up into the name and domain tokens, and then validates those against the valid characters allowed for name (there's no further check that can be done on this portion) and the valid characters for the domain (and I suppose you could add checking for all the world's TLDs, and then another level of second level domains for countries with such (ie, com.uk)).

The real problem is that the tlds and slds keep changing (contrary to popular belief), so you have to keep updating the regexp if you plan on doing all this high level checking whenever the root name servers send down a change.

Why not have a module that simply validates domains, which pulls from a database, or flat file, and optionally checks DNS for matching records?

I'm being serious here, why is everyone so keen on inventing the perfect regexp for this? It doesn't seem to be a suitable solution to the problem...

Convince me that it's not only possible to do in regexp (and satisfy everyone) but that it's a better solution than a custom parser/validator.

Answer 1

Regexps are much faster to use, of course, and they only validate what's specified in the RFC. Write a custom parser? What? It takes 10 seconds to use a regexp.

Answer 2

Regexs that catch most (but not all) common error are relatively easy to setup and deploy. Takes longer to write a custom parser.

Answer 3

They do it because they see "I want to test whether this text matches the spec" and immediately think "I know, I'll use a regex!" without fully understanding the complexity of the spec or the limitations of regexes. Regexes are a wonderful, powerful tool for handling a wide variety of text-matching tasks, but they are not the perfect tool for every such task and it seems that many people who use them lose sight of that fact.

Answer 4

Using regular expressions for this is not a good idea, as has been demonstrated at length in those other posts.

I suppose people keep doing it because they don't know any better or don't care.

Will a parser be any better? Maybe, maybe not.

I maintain that sending a verification e-mail is the best way to validate it. If you want to check anything from JavaScript, then check that it has an '@' sign in there and something before and after it. If you go any stricter than that, you risc running up against some syntax you didn't know about and your validator will become overly restrictive.

Also, be careful with that TLD validation scheme of yours, you might find that you are assuming too much about what is allowed in a TLD.

Answer 5

People write regular expressions because most developers like so solve a simple problem in the most "cool" en "efficient" way (which means that it should be as unreadable as possible).

In Java, there are libraries to check if a String represents an email address without you having to know anything about regular expressions. These libraries should be available for other languages aswel.

Like Jamie Zawinski said in 1997: "Some people, when confronted with a problem, think "I know, I'll use regular expressions." Now they have two problems."

Answer 6

People do it because in most languages it is way easier to write regexp than to write and use a parser in your code (or so it seems, at least).

If you decide to eschew regexes, you will have to either write parsers by hand, or you resort to external tools (like yacc) for lexer/parser generation. This is way more complex than single-line regex match.

One need to have a library that makes it easy to write parsers directly in the language X (where 'X' is C, C++, C#, Java) to be able to build custom parsers with the same ease as regular expression matchers.

Such libraries originated in the functional land (Haskell and ML), but nowadays "parser combinators libraries" exist for Java, C++, C#, Scala and other mainstream languages.

Answer 7

People use regexes for email addresses, HTML, XML, etc. because:

1. It looks like they should work and they often do work for the obvious cases.
2. They "know" regular expressions. When all you have is a hammer all your problems look like nails.
3. Writing a parser is harder (or seems harder) than writing a regular expression. In particular, writing a parser is harder than writing a regex that handles the obvious cases in #1.
4. They don't understand the full complexity of the task.
5. They don't understand the limitations of regular expressions.
6. They start with a regex that handles the obvious cases and then try to extend it to handle others. They get locked into one approach.
7. They aren't aware that there's (probably) a library available to do the work for them.

Answer 8

and then validates those against the valid characters allowed for name (there's no further check that can be done on this portion)

This is not true. For example, "[email protected]" contains only valid characters in the name section, but is not valid.

In languages that do not have libraries for email validation, I generally use regex becasue

1. I know regex, and find it easy to use
2. I have many friends who know regex, and I can collaborate with
3. It's fast for me to code, and me-time is more expensive than processor-time for most applications
4. For the majority of email addresses, it works.

I'm sure many built-in libraries do use your approach, and if you want to cover all the possibilities, it does get ridiculous. However, so does your parser. The formal spec for email addresses is absurdly complex. So, we use a regex that gets close enough.

Answer 9

I don't believe correct email validation can be done with a single regular expression (now there's a challenge!). One of the issues is that comments can be nested to an arbitrary depth in both the local part and the domain.

If you want to validate an address against RFCs 5322 and 5321 (the current standards) then you'll need a procedural function to do so.

Fortunately, this is a commodity problem. Everybody wants the same result: RFC compliance. There's no need for anybody to write this code ever again once it's been solved by an open source function.

Check out some of the alternatives here: http://www.dominicsayers.com/isemail/

If you know of another function that I can add to the head-to-head, let me know.

Answer 10

We're just looking for a fast way to see if the email address is valid so that we can warn the user they have made a mistake or prevent people from entering junk easily. Going off to the mail server and fingering it is slow and unreliable. The only real way to be sure is to get a confirmation email, but the problem is only to give a fast response to the user before the confirmation process takes place. That's why it's not so important to be strictly compliant. Anyway, it's a challenge and it's fun.

Answer 11

On factor: the set of people who understand how to write a regular expression is very much larger than the set of people who understand the formal constraints on regular languages. Same goes for non-regular "regular expressions".