Validating a URL in PHP

Submitted by shane on Fri, 2011-12-30 00:01

I recently ran into a problem of validating a URL in PHP. The simplest and most consistent way to validate a URL in PHP is to use filter_var(). Here is an example:

$url = "http://codekarate.com";
if (filter_var($url, FILTER_VALIDATE_URL)) {
  echo "URL is valid";
}
else {
  echo "URL is invalid";
}

The only problem with this approach is that it has a few caveats. The PHP filter_var function has only been available since PHP 5.2. If you are running a PHP version older than 5.2 you are out of luck. There is also a bug in PHP 5.2.13 and PHP 5.3.2 that will not allow URLs with dashes in them to validate. If you are unsure of your PHP version you can run php -v from the command line if you have command line PHP installed, or create a PHP file with the following contents and navigate to it using your web browser:

phpinfo();

Because of the limitations of filter_var(), you may have to fall back to using a regular expression. Here is an example of one regular expression that allows dashes in the URL:

$url = "http://codekarate.com";
if (preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i", $url)) {
  echo "URL is valid";
}
else {
  echo "URL is invalid";
}

There is a lot of debate about whether using a regular expression is a good idea when doing URL validation. If you are uncertain and looking for a guide then this may help:

If you are using a version of PHP that is older than PHP 5.2:
- Use the regular expression approach
If you are using PHP 5.2.13 or PHP 5.3.2 and need URLs with dashes to validate:
- Use the regular expression approach
If you don't fall into one of the above categories:
- Use the filter_var() approach

Note: Some have complained that using the PHP filter_var() function is too permissive and allows URLs that should not validate. One solution is to use filter_var for your initial validation and then perform additional validation checks if the original filter_var validation passes.

Do you have a preference for validating URLs in PHP? If so, why not discuss it in the comments?

shane's blog

Discussions

santa (not verified)

Posted: Thu, 2012-03-08 02:27.

santa

Validating URLs is important to form handling and PHP data processing. Currently there are numerous solutions for validating URLs. This article will take a look at some of the most commonly used methods of validating URLs in PHP, the Regex method and the PHP built in Filter validate URL. Thanks.
Regards,

Humayun (not verified)

Posted: Mon, 2012-11-26 13:04.

Why both the example shows

Why both the example shows the url "http://www.bla" as output? If I write only two digits after "www." then it counts as valid url. But the compete valid url should be "http://www.bla.com" .

Niks (not verified)

Posted: Wed, 2012-12-05 01:31.

url-Validation

hey it should show error for url : http://0.00.00
still its working .. it should now .. i am facing the same issue for my site ..

if you have any solution please let me know ..

sagive (not verified)

Posted: Wed, 2012-12-05 01:48.

hmm...

Humayun is right! the real issuse is that both methods dont check for "FILTER_FLAG_HOST_REQUIRED" which actually doesent work altough it should check .com ending...

Still searching for a regex that does that...

Related Posts

Newsletter