jump to navigation

How to fix “Function eregi() is deprecated” in PHP 5.3.0 September 25, 2011

Posted by Tournas Dimitrios in PHP.

Form validation is required to prevent web form abuse by malicious users . Improper validation of form data is one of the main causes of security vulnerabilities . It exposes your website to attacks such as header injections , cross-site scripting , and SQL injections .

  • header injection attacks can be used to send email spam from your web server
  • cross-site scripting may allow an attacker to post any data to your site
  • SQL injection may corrupt your database backend

A mandatory practice is to always implement client / server-side validation techniques on all input fields of submitted  content by the user . This article will focus on validating the email-address field , I used to use eregi for validating email address input that matches to the regular expression . That would return true if given email address is matches to username@domain.com  pattern. Unfortunately, after upgrading PHP to the earlier version (5.3.0), it wont work properly . This is because eregi is one of several functions that are deprecated in the new version of PHP . Solution : Use preg_match with the ‘i’ modifier instead. i means that regular expression is case insensitive . So the code become like this :

function validate_email($email)

/* deprecated */
if(eregi("^[_\.0-9a-zA-Z-]+@([0-9a-zA-Z][0-9a-zA-Z-]+\.)+[a-zA-Z]{2,6}$", $email)) { 
return "email is valid "; 
} else { 
return "email is not valid " ;

/* Solution */ 
if(preg_match("/^[_\.0-9a-zA-Z-]+@([0-9a-zA-Z][0-9a-zA-Z-]+\.)+[a-zA-Z]{2,6}$/i", $email)) { 
return "email is valid "; 
} else { 
return "email is not valid " ;
echo validate_email('your.domain@gmail.com'); //returns "email is valid" 
echo validate_email("your.domain@.com") ; //returns "email in not valid" 

List of depreciated functions in PHP 5.3.x :

  • call_user_method() (use call_user_func() instead)
  • call_user_method_array() (use call_user_func_array() instead)
  • define_syslog_variables()
  • dl()
  • ereg() (use preg_match() instead)
  • ereg_replace() (use preg_replace() instead)
  • eregi() (use preg_match() with the ‘i’ modifier instead)
  • eregi_replace() (use preg_replace() with the ‘i’ modifier instead)
  • set_magic_quotes_runtime() and its alias, magic_quotes_runtime()
  • session_register() (use the $_SESSION superglobal instead)
  • session_unregister() (use the $_SESSION superglobal instead)
  • session_is_registered() (use the $_SESSION superglobal instead)
  • set_socket_blocking() (use stream_set_blocking() instead)
  • split() (use preg_split() instead)
  • spliti() (use preg_split() with the ‘i’ modifier instead)
  • sql_regcase()
  • mysql_db_query() (use mysql_select_db() and mysql_query() instead)
  • mysql_escape_string() (use mysql_real_escape_string() instead)
  • Passing locale category names as strings is now deprecated. Use the LC_* family of constants instead.
  • The is_dst parameter to mktime(). Use the new timezone handling functions instead.

Read more : http://php.net/manual/en/migration53.deprecated.php



1. Tyrell Forkosh - October 9, 2011

Hello my friend! I want to say that this article is awesome, nice written and include almost all important infos. I’d like to see more posts like this .

2. Marshal - February 3, 2012

Just Great!! Thank you so much..

tournasdimitrios1 - February 3, 2012

Welcome and thanks for stoping on this blog .

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s