Email validation in Power Apps
In this tutorial blog I will show you why the existing email validation in Power Apps is incorrect, how badly incorrect it is, and how you can create a better validator using regular expressions.
I will also include the code for you to copy/paste and use in your canvas Power Apps or in your Power Query.
If you want to skip straight to the code without understanding why/how, click here.
Introduction
When you are creating canvas Power Apps, or you are using Power Fx to create formulae, you will undoubtedly have come across a need for a user to enter an email address. It is the digital equivalent of the postal address and we all have one.
Email addresses have a prefix (the bit before @), and a suffix/domain (the bit after the @).
We humans can type things incorrectly, paste things more than once, and make any number of other errors when inputting that address. So, as a result of that, we need to ensure that whenever a user enters an email address, they do it correctly.
Imagine for a second, you are ordering something online, and the order form will confirm your choice by email – but if you type the email address wrong, then you will never receive that confirmation – this is why most sites also validate email addresses and will let you know when “email address is invalid”.
So how would you do this in Power Apps?
Well, at this point you might be thinking:
Oh but Sancho that’s super easy, just use IsMatch() and then use the Match.Email pattern
Well yes, but actually no
If we look at the pattern (Microsoft provides this for us here) that Power Apps (Power Fx) uses for Match.Email we can see that it uses a Regex (REGular EXpression) string to validate it. I’m not going to explain how the whole Regex system works, but it can essentially be looked at as a way of stating rules for the text.
i.e. “I want this one character of this type, and five of that other one, but then only this one character if the other two were numbers and maybe two of these other characters and then at least 4 of those” – this might sound familiar as many password requirements are (surprise surprise) validated using Regex.
So If I create a blank App and try validate a simple email using this method, it works (sort of):
The expression the documentation says they use to validate emails is:
.+\@.+\\.[^\\.]{2,}This is not what it actually uses in the Studio though
(those double slashes would mean that the email addresses need slashes in them)
What the power Apps Studio actually uses is:
.+\@.+\.[^.]{2,}So what does that mean?
While, technically, it has worked, as this is a valid email – it DOES NOT work for anything that SHOULDN’T be a valid email.
This is absolutely wild – you can put all sorts of invalid characters anywhere in the string, and so long as it contains at least one @ and at least two characters on the end, it will ‘validate’ except that it’s not actually valid..
Below I will break down each section of their regex string – You can either learn how Regex works (I do suggest this if you have the time as it can be immensely useful in other places), OR you can use one of the existing online validators – I like to use Regexr.com to build strings and validate as it tells me what I’m building as I go.
So let’s plug that string into Regexr and see what it can tell us.
This allows us to see what it is looking for and break it down into sections:
.+ \@ .+ \. [^.]{2,}There are standards for how emails are defined, particularly one called RFC5322 and this states how emails should actually be formatted and validated. Some of this won’t apply to modern email infrastructure, so for example there are INTERNAL email domains within companies that can have rules that won’t be valid when transmitted externally such as using a space character, and since your app cannot send an email to an internal routed domain without going via office365, we can ignore the internal rules.
So let’s now look at the different parts of the Regex that Microsoft uses to validate Emails in Power Fx:
The First bit
.+
This means “Match 1 or more of ANY character”.
So let’s look at why this alone is already a HUGE problem in terms of validation as it will mark as valid some VERY INVALID email addresses:
Using the default Match.Email we can use spaces (not allowed in RFC5322):
Using the default Match.Email we can use special characters (literally ANY character):
This also presents a problem in that if we are validating a singular email address, we can have a semi-colon as one of those special characters, and as this is the standard character for separating email addresses, we will have a completely invalid address.
Additionally, you had better hope you are not using csv files to store any of this data, as commas are accepted using that formula as well:
The Second bit:
\@
This means “Match the @ character”
Regex uses \ to ‘escape’ a character so that it’s not interpreted as a command when read by the regex string and that’s why this is now just asking for the @ symbol as a single character.
This is the @ that you see usually in the middle of emails, and it divides the prefix (identifier) and the suffix (domain).
If you think about it, the email address is like a physical address:
Number42 @ ThisWeirdBritishStreetName
The Third bit:
.+
This means “Match 1 or more of ANY character”.
So this is exactly the same as the First Bit, which has the same inherent problems, but also provides us with a new problem or two.
Using the default Match.Email we can use spaces (not allowed per RFC5322):
Using the default Match.Email we can use special characters (not allowed per RFC5322 for the suffix/domain section of the email):
The above issue represents a real problem when you have either comma-separated data storage, OR when you have multiple emails being handled in a database using the standard ; as the delimiter – this would seem ok if you are allowing it at the end of the value, or between valid values, but the Regex string that Microsoft uses means that it can be used LITERALLY anywhere.
The Fourth bit:
\.
This means “Match the . character”.
Regex uses the . as a denominator for “Match any character except line breaks”, so they put a slash in front of it to denote that it’s just the . character and not the function . represents.
The Fifth bit:
[^.]{2,}
This means “Match at least two of ANY character that is not the period character . “
This is a problem, as domain suffixes are not allowed to have special characters, as per RFC5322, so the issue is that you can then make an email address that looks like this:
How do we fix email validation in Power Apps?
As you can see from the examples above, this issue has likely resulted in thousands, if not millions of invalid emails being added to databases over the years since Power Apps was released, as everyone trusts the validation that Microsoft has put forward for emails..
But, it’s not right!
There must be a better way!
There is, and it involves more Regex – particularly a piece of Regex that will make all of the above validate correctly.
We can take the RFC5322 Regex string and modify it to remove any of the non-visible characters (like tab etc) – they already only allow certain characters – and we get this:
IsMatch(
txt_Email_HS.Text,
"(?:[a-zA-Z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-zA-Z0-9!#$%&'*+/=?^_`{|}~-]+)*)@{1}(?:([a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?\.)+[a-zA-Z0-9]{2,})"
)Now, when we try those same invalid email addresses from before we get the correct answers:
If we then try a valid email (including multiple subdomains in this case) we can see it is then validated correctly:
What does that code do?
Ok, so according to RFC5322, we:
- Cannot have space anywhere in the email
- We cannot have special characters in the domain suffix
- We must only have one @
- There are a limited number of special characters we can use in the prefix
- The last portion of the domain suffix must be two or more characters
What this code does is allows all of the above to be true. I have also reduced the special characters list to not include the double quote ” and the non-visible characters like tab.
The first section gets 1 or more of any of those characters [uppercase, lowercase, number, specific special characters].
Then the next little section gets [a period . and 1 or more of any of those characters] and tries to get zero or more of these.
Then it looks for a singular @ sign.
It tries to get one or more of the following: [a character matching [uppercase, lowercase, number] and then zero or more of the following: [zero or more [uppercase, lowercase, number, hyphen] characters then a character matching [uppercase, lowercase, number]] and then tries to get a singular period . character]
Then it looks for two or more characters matching [uppercase, lowercase, number]
What about multiple emails?
We can modify this Regular Expression to look for zero or more semi-colons at the end of the email, group the whole thing and look for 1 or more of those, like this:
IsMatch(
YourTextInputColumn.Text,
"((?:[a-zA-Z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-zA-Z0-9!#$%&'*+/=?^_`{|}~-]+)*)@{1}(?:([a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?\.)+[a-zA-Z0-9]{2,})(?:;)*)+"
)
TLDR (Too Long, Didn’t read) – solution for email validation in Power Apps
There are a number of formulas provided here that will allow you to ensure email validation in Power Apps:
Use this formula for validation of singular email addresses (includes special characters in prefix that are allowed by RFC5322):
IsMatch(
YourTextInputColumn.Text,
"(?:[a-zA-Z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-zA-Z0-9!#$%&'*+/=?^_`{|}~-]+)*)@{1}(?:([a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?\.)+[a-zA-Z0-9]{2,})"
)Use this formula for validation of multiple email addresses (semi-colon separated, includes special characters in prefix that are allowed by RFC5322):
IsMatch(
YourTextInputControl.Text,
"((?:[a-zA-Z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-zA-Z0-9!#$%&'*+/=?^_`{|}~-]+)*)@{1}(?:([a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?\.)+[a-zA-Z0-9]{2,})(?:;)*)+"
)
Use this formula for validation of singular email addresses (only underscores and hyphens allowed in prefix):
IsMatch(
YourTextInputControl.Text,
"(?:[a-zA-Z0-9_-]+(?:\.[a-zA-Z0-9_-]+)*)@{1}(?:([a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?\.)+[a-zA-Z0-9]{2,})"
)Use this formula for validation of multiple email addresses (only underscores and hyphens allowed in prefix):
IsMatch(
YourTextInputControl.Text,
"((?:[a-zA-Z0-9_-]+(?:\.[a-zA-Z0-9_-]+)*)@{1}(?:([a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?\.)+[a-zA-Z0-9]{2,})(?:;)*)+"
)Conclusion
In this blog I have shown you why the existing email validation in Power Apps is incorrect, how badly incorrect it is, and how you can create a better validator using regular expressions.
I have also included the code for you to copy/paste and use in your canvas Power Apps or in your Power Fx formula.
Thank you so much for taking the time to read through to this point, I really do hope you have gained some new knowledge or at the very least some inspiration for your Apps! (Always dig deeper!)
If you want to check out my other blog articles you can have a look around here: iAm_ManCat Blog
You can find links to my various social media accounts at the bottom-right of this page 🙂
Hope you have a great day!
