Input validation security - no http:// or https:// allowed - php

I try to do some basic validation. I want to make submitting links impossible.
I wrote some code that works semi fine.
It doesn't work if http:// or https:// is at the beginning of the input:
if(((stripos($message, "http://")) || (stripos($message, "https://"))) !== false)
{
    echo "Link is Here";
}
else
{
    echo "Link is NOT Here";
}
Is there a way to fix this problem? I use the function stripos because I have to make sure http:// and https:// are matched case-insensitively, so I'm OK with all kinds of tries, for example HTTP:// or hTTps://

This has to do with your if statement. Change it to this:
if(stripos($message, "http://") !== false || stripos($message, "https://") !== false)
{
    echo "Link is here";
}
else
{
    echo "Link is NOT here";
}
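Why the condition in the question misses a link at the very start of the input, shown next to the corrected check. This is an added example, not code from either post; the function names and sample messages are constructed for illustration.

```php
<?php
// Added example: function names and sample inputs are constructed.

// Condition from the question: || reduces both stripos() results to one boolean,
// so a match at offset 0 (int 0, which is falsy) is lost before the !== false test.
function hasLinkOriginal(string $message): bool
{
    return ((stripos($message, "http://")) || (stripos($message, "https://"))) !== false;
}

// Corrected condition: each stripos() result is compared strictly on its own,
// so int 0 (found at the start) is distinguished from false (not found).
function hasLinkFixed(string $message): bool
{
    return stripos($message, "http://") !== false
        || stripos($message, "https://") !== false;
}

$samples = [
    "see http://example.com",    // link in the middle of the text
    "HTTPS://example.com first", // link at offset 0, upper case
    "hTTp://example.com",        // link at offset 0, mixed case
    "no link in this message",
];

foreach ($samples as $message) {
    printf(
        "%-28s original=%-5s fixed=%s\n",
        $message,
        var_export(hasLinkOriginal($message), true),
        var_export(hasLinkFixed($message), true)
    );
}
```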

Related

PHP conditional statement is not working

I have a statement that checks the page's url and marks up a page accordingly, but it only works when my if statement has one option to check for.
$url = 'http://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
<?php if (strpos($url, 'events/eventname')!= false) { ?>
~markup~
<? } ?>
If I modify it to check for two possible urls...
<?php if (strpos($url, 'events/eventname')!= false) { ?>
~markup~
<? }else if (strpos($url, 'events/othereventname')!= false) { ?>
~markup~
<? } ?>
... the page won't load. I must be missing something obvious - can someone tell me what is wrong with this function?
*edit: Since it was requested I have included the $url variable and more specific url examples
strpos returns 0 when the search substring is at the beginning of the query string. You can replace != with !== to make it work; otherwise PHP internally transforms false to zero, which leads to an incorrect comparison result.
For example:
<?php
var_dump(strpos('aaa', 'a'));           // int(0): found at position 0
var_dump(strpos('aaa', 'a') === false); // bool(false): strict comparison keeps 0 and false apart
var_dump(strpos('aaa', 'a') == false);  // bool(true): loose comparison treats 0 as false
Try to use the !== comparison just in case the string is at position 0.
Another syntax problem is else if, while you should use elseif.
Try also changing short php tag <? to full one <?php.
Rather than using the strpos() you can get the request uri which is anything after the domain name (ie: www.example.com/foo/bar would give you /foo/bar).
$url = $_SERVER['REQUEST_URI'];
if($url == "/foo/bar") {
    // markup
} elseif($url == "/bar/foo") {
    // markup
} else {
    // markup
}

PHP - FILTER_VALIDATE_URL not finding subdomains with underscore

Why does the PHP function FILTER_VALIDATE_URL think that a URL with a subdomain that contains an underscore is invalid?
<?php
$url = "http://smiling_politely.blogspot.com";
if (!filter_var($url, FILTER_VALIDATE_URL) === false) {
    echo("$url is a valid URL");
} else {
    echo("$url is not a valid URL");
}
?>
How can I make sure that this FILTER_VALIDATE_URL includes such existing URLs (possibly the fastest way for execution)?
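Ok, I came up with this solution, hopefully it's going to work well..
<?php
$url = "http://smiling_politely.blogspot.com";
// parse_url() returns null when there is no host and false when the URL is seriously malformed,
// so only a non-empty string counts as a host
$check = parse_url($url, PHP_URL_HOST);
if (is_string($check) && $check !== '') echo 'Valid'; else echo 'NOT valid.';
?>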

URL validation must contain http or https

I am searching multiple websites to fix this issue. The problem is I am asking the user to enter a website address and, like people say, never trust user input.
So, possible scenario can be like this:
https or http://www.google.com
https or http://google.com
www.google.com
google.com
Now I want the URL to be like this: http or https://www.google.com
At the moment I have the code below, but it is not working as expected.
$url = "www.google.com";
if (preg_match("/\b(?:(?:https?):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i", $url)) {
    echo "URL is valid";
}
else {
    echo "URL is invalid";
}
Check if the start of the string contains http which also includes https AND check if it's a valid URL:
if((strpos($url, 'http') === 0) && filter_var($url, FILTER_VALIDATE_URL)) {
    echo "URL is valid";
} else {
    echo "URL is invalid";
}
Try this Expression
/[-a-zA-Z0-9@:%_\+.~#?&//=]{2,256}\.[a-z]{2,4}\b(\/[-a-zA-Z0-9@:%_\+.~#?&//=]*)?/gi
It will accept all the cases that you have mentioned above

PHP check if url is valid

I wonder what would be the best way in php to check if provided url is valid... At first I tried with:
filter_var($url, FILTER_VALIDATE_URL) === false
But it does not accept www.example.com (without protocol). So I tried with a simple modification:
protected function checkReferrerUrl($url) {
    if(strpos($url, '://') == false) {
        $url = "http://".$url;
    }
    if(filter_var($url, FILTER_VALIDATE_URL) === false) {
        return false;
    }
    return true;
}
Now it works fine with www.example.com but also accepts simple foo as it converts to http://foo. However though this is not a valid public url I think... so what would you suggest? Go back to traditional regexp?
I recommend that you do not use filter_var with type URL.
There are many more side effects.
For example, these are valid URLs according to filter_var:
http://example.com/"><script>alert(document.cookie)</script>
http://example.ee/sdsf"f
Additionally FILTER_VALIDATE_URL does not support internationalized domain names (IDN).
I recommend using a regex combined with some ifs afterwards (e.g. for the domain) for security reasons.
Without the security aspect I am using parse_url to take my parts. But this function has a similar issue, when the scheme (no http/https) is missing.
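An added example (not code from any of the answers) of the point made above: FILTER_VALIDATE_URL checks syntax only, so the scheme is restricted separately and the value is HTML-escaped at the moment it is rendered. The names acceptUrl() and renderLink() and the sample list are constructed for illustration; the last sample is the URL quoted in the answer.

```php
<?php
// Added example: acceptUrl(), renderLink() and the sample values are constructed.

// Accept only absolute http/https URLs that have a host; returns the URL or null.
function acceptUrl(string $input): ?string
{
    $url = trim($input);
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null; // malformed, or no scheme/host (e.g. "www.example.com", "foo")
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null; // any other scheme is refused outright
    }
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    return $url;
}

// Passing validation says nothing about HTML safety, so escape when writing output.
function renderLink(string $url): string
{
    $safe = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $safe . '" rel="noopener noreferrer">' . $safe . '</a>';
}

$samples = [
    'https://example.com/path?q=1',
    'www.example.com',
    'foo',
    'http://example.com/"><script>alert(document.cookie)</script>',
];

foreach ($samples as $input) {
    $url = acceptUrl($input);
    if ($url === null) {
        echo "rejected: " . htmlspecialchars($input, ENT_QUOTES, 'UTF-8') . "\n";
    } else {
        echo renderLink($url) . "\n";
    }
}
```

Whatever the validator decides about the last sample, the quotes and angle brackets reach the page only as HTML entities, so they cannot close the href attribute.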
Use this
<?php
$url = 'www.example.com';
if(validateURL($url)){
    echo "Valid";
}else{
    echo "invalid";
}
function validateURL($URL) {
    // The dots before the TLD list and inside co.uk are escaped so they match a literal dot,
    // and the $ anchor sits at the end so the optional port and trailing slash can match.
    $pattern_1 = "/^(http|https|ftp):\/\/(([A-Z0-9][A-Z0-9_-]*)(\.[A-Z0-9][A-Z0-9_-]*)+\.(com|org|net|dk|at|us|tv|info|uk|co\.uk|biz|se))(:(\d+))?\/?$/i";
    $pattern_2 = "/^(www)((\.[A-Z0-9][A-Z0-9_-]*)+\.(com|org|net|dk|at|us|tv|info|uk|co\.uk|biz|se))(:(\d+))?\/?$/i";
    if(preg_match($pattern_1, $URL) || preg_match($pattern_2, $URL)){
        return true;
    } else{
        return false;
    }
}
?>
Try this one too
<?php
// Assign URL to $url variable
$url = 'http://example.com';
// Check url using preg_match
if (preg_match("/^(https?:\/\/+[\w\-]+\.[\w\-]+)/i",$url)){
    echo "Valid";
}else{
    echo "invalid";
}
?>

Validate a URL PHP

I've been working on a project, and in this project I need to check that the user input is a valid URL.
I've made a preg_match for all possible characters used on a URL. However, I'm trying to make it show an error if HTTP:// / HTTPS:// is not in front of the URL.
Here is what I've done.
if(preg_match('/[^0-9a-zA-Z.\-\/:?&=#%_]/', $url) || substr($url, 0, 7) != "http://" || substr($url, 0, 8) != "https://") {
But that doesn't work. It keeps giving me an OK message. I'm not sure what I'm doing wrong here, I hope I can get some help!
The if statement will return true or false. So
if(preg_match('/[^0-9a-zA-Z.\-\/:?&=#%_]/', $url) || substr($url, 0, 7) != "http://" || substr($url, 0, 8) != "https://") {
    echo "true";
} else {
    echo "false";
}
I just need to check if the url has entered a valid url. I don't need to verify it. Just need to check if it has HTTP:// or HTTPS:// and contains valid URL characters.
Instead of a regex, you could make things easy on yourself and use the URL filtering in filter_var:
if (filter_var($url, FILTER_VALIDATE_URL)) { ...
Alternately, you can do this without regex. Though you do also need to validate the URL: imagine http://">bla</a><script>alert('XSS');</script> as the value passed as their URL
<?php
$url = 'http://example.com';
if(in_array(parse_url($url, PHP_URL_SCHEME),array('http','https'))){
    if (filter_var($url, FILTER_VALIDATE_URL) !== false) {
        //valid url
    }else{
        //not valid url
    }
}else{
    //no http or https
}
?>
parse_url()
filter_var()
You've not shown your complete relevant code. So, not sure, why it is not working for you but for url validation, you can check for a detailed discussion on the thread link below:
PHP validation/regex for URL
To validate user input containing a website URL, it is good to allow it with or without a scheme and with or without www, then add the scheme in the view to make it an external URL.
$withWww = 'www.' . str_replace(array('www.'), '', $value);
$withScheme = 'http://' . str_replace(array('http://', 'https://'), '', $withWww);
// @ suppresses the warning get_headers() raises when the request fails; it then returns false
$headers = @get_headers($withScheme);
if ($headers === false || strpos($headers[0], '200') === false) {
    return false;
}
