Validating a URL in PHP

By shane
Thu, 2011-12-29 23:01
comments

Share with Others

I recently ran into a problem of validating a URL in PHP. The simplest and most consistent way to validate a URL in PHP is to use filter_var(). Here is an example:
$url = "http://codekarate.com";
if (filter_var($url, FILTER_VALIDATE_URL)) {
  echo "URL is valid";
}
else {
  echo "URL is invalid";
}
The only problem with this approach is that it has a few caveats. The PHP filter_var function has only been available since PHP 5.2. If you are running a PHP version older than 5.2 you are out of luck. There is also a bug in PHP 5.2.13 and PHP 5.3.2 that will not allow URLs with dashes in them to validate. If you are unsure of your PHP version you can run php -v from the command line if you have command line PHP installed, or create a PHP file with the following contents and navigate to it using your web browser:
  phpinfo();
Because of the limitations of filter_var(), you may have to fall back to using a regular expression. Here is an example of one regular expression that allows dashes in the URL:
$url = "http://codekarate.com";
if (preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i", $url)) {
  echo "URL is valid";
}
else {
  echo "URL is invalid";
}
There is a lot of debate about whether using a regular expression is a good idea when doing URL validation. If you are uncertain and looking for a guide then this may help: If you are using a version of PHP that is older than PHP 5.2: - Use the regular expression approach If you are using PHP 5.2.13 or PHP 5.3.2 and need URLs with dashes to validate: - Use the regular expression approach If you don't fall into one of the above categories: - Use the filter_var() approach
Note: Some have complained that using the PHP filter_var() function is too permissive and allows URLs that should not validate. One solution is to use filter_var for your initial validation and then perform additional validation checks if the original filter_var validation passes.
Do you have a preference for validating URLs in PHP? If so, why not discuss it in the comments?