Validating a URL in PHP

By shane
Thu, 2011-12-29 23:01
12 comments

Share with Others

I recently ran into a problem of validating a URL in PHP. The simplest and most consistent way to validate a URL in PHP is to use filter_var(). Here is an example:
$url = "http://codekarate.com";
if (filter_var($url, FILTER_VALIDATE_URL)) {
  echo "URL is valid";
}
else {
  echo "URL is invalid";
}
The only problem with this approach is that it has a few caveats. The PHP filter_var function has only been available since PHP 5.2. If you are running a PHP version older than 5.2 you are out of luck. There is also a bug in PHP 5.2.13 and PHP 5.3.2 that will not allow URLs with dashes in them to validate. If you are unsure of your PHP version you can run php -v from the command line if you have command line PHP installed, or create a PHP file with the following contents and navigate to it using your web browser:
  phpinfo();
Because of the limitations of filter_var(), you may have to fall back to using a regular expression. Here is an example of one regular expression that allows dashes in the URL:
$url = "http://codekarate.com";
if (preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i", $url)) {
  echo "URL is valid";
}
else {
  echo "URL is invalid";
}
There is a lot of debate about whether using a regular expression is a good idea when doing URL validation. If you are uncertain and looking for a guide then this may help: If you are using a version of PHP that is older than PHP 5.2: - Use the regular expression approach If you are using PHP 5.2.13 or PHP 5.3.2 and need URLs with dashes to validate: - Use the regular expression approach If you don't fall into one of the above categories: - Use the filter_var() approach
Note: Some have complained that using the PHP filter_var() function is too permissive and allows URLs that should not validate. One solution is to use filter_var for your initial validation and then perform additional validation checks if the original filter_var validation passes.
Do you have a preference for validating URLs in PHP? If so, why not discuss it in the comments?

Comments

Validating URLs is important to form handling and PHP data processing. Currently there are numerous solutions for validating URLs. This article will take a look at some of the most commonly used methods of validating URLs in PHP, the Regex method and the PHP built in Filter validate URL. Thanks.
Regards,

hey it should show error for url : http://0.00.00
still its working .. it should now .. i am facing the same issue for my site ..

if you have any solution please let me know ..

Humayun is right! the real issuse is that both methods dont check for "FILTER_FLAG_HOST_REQUIRED" which actually doesent work altough it should check .com ending...

Still searching for a regex that does that...

I've been googling a lot and this regular expression is the only one that works !! Thanks you!

I have been trying to find a good solution for testing for URL's, I would not use the filter_var() for this kind of check. It does not work correctly!

The only way i have found to check for them is either use regex or use the parse_url and check each section.

Thanks for the writeup though :)

To add you can use version_compare to find out if you have a buggy version of PHP. This checks whether you have a version older than 5.3.3:


if( version_compare( PHP_VERSION, '5.3.3' ) < 0 ) {
//use regex
} else {
//use filter_var
}

I am not sure whether this bug only affects the two versions mentioned above i.e. 5.3.2. and 5.2.13 or all versions below 5.3.3

I AM using filter_var(FILTER_VALIDATE_URL,$myOwnVariable)

i am getting this error 2nd paramater should be long
and it accepting just www also

and regex you have given same i used it also accepts www.google.com but it should validate www.google.com pls do guide

Post new comment