I have a form to get some urls from users. Eg: Web Address, Facebook Address, Twitter Address, Google+ address etc... My problem is how I validate these urls when they submit the form. I tried to validate URL in PHP by using the FILTER_VALIDATE_URL or simply, using regular expression.
Here, I would like to know what are the best methods to get such a urls from users. Is it always good to let them to enter protocol? sometimes they may not know it is http, https, ftp, ftps.. etc. I think it is something hard to do some users.
I tried something like this using FILTER_VALIDATE_URL, But it always use protocol and sometime I am confusing how its work..
// validate url
$url = 'http://www.example.com';
if (filter_var( $url, FILTER_VALIDATE_URL)){
echo "<br>valid";
} else {
echo "<br>invalid";
}
OUTPUT : valid
// validate url
$url = 'hp://www.example.com';
if (filter_var( $url, FILTER_VALIDATE_URL)){
echo "<br>valid";
} else {
echo "<br>invalid";
}
OUTPUT : valid
// validate url
$url = 'http://example.com';
if (filter_var( $url, FILTER_VALIDATE_URL)){
echo "<br>valid";
} else {
echo "<br>invalid";
}
OUTPUT : valid
// validate url
$url = 'http://example.com?id=32&name=kamalani';
if (filter_var( $url, FILTER_VALIDATE_URL)){
echo "<br>valid";
} else {
echo "<br>invalid";
}
OUTPUT : valid
Can you tell me what are the best ways to get urls from user and how those validate?
Any comments are greatly appreciating..
Thank you.
You need to use regular expression to check valid url here.
Please try this :
$pattern = "/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&##\/%?=~_|!:,.;]*[-a-z0-9+&##\/%=~_|]/i";
$URL= 'http://example.com?id=32&name=kamalani';
if(preg_match($pattern, $URL) ){
echo "<br>valid";
} else{
echo "<br>invalid";
}
Output
valid
Related
I am searching multiple websites to fix this issue. The problem is I am asking user to enter website address and like people says never trust user input.
So, possible scenario can be like this:
https or http://www.google.com
https or http://google.com
www.google.com
google.com
Now I want URL must be like this. http or https//www.google.com
At the moment I have below code but it is not working as expected.
$url = "www.google.com";
if (preg_match("/\b(?:(?:https?):\/\/|www\.)[-a-z0-9+&##\/%?=~_|!:,.;]*[-a-z0-9+&##\/%=~_|]/i", $url)) {
echo "URL is valid";
}
else {
echo "URL is invalid";
}
Check if the start of the string contains http which also includes https AND check if it's a valid URL:
if((strpos($url, 'http') === 0) && filter_var($url, FILTER_VALIDATE_URL)) {
echo "URL is valid";
} else {
echo "URL is invalid";
}
Try this Expression
/[-a-zA-Z0-9#:%_\+.~#?&//=]{2,256}\.[a-z]{2,4}\b(\/[-a-zA-Z0-9#:%_\+.~#?&//=]*)?/gi
It will aceept all the cases that you have mentioned above
I wonder what would be the best way in php to check if provided url is valid... At first I tried with:
filter_var($url, FILTER_VALIDATE_URL) === false
But it does not accept www.example.com (without protocol). So I tried with a simple modification:
protected function checkReferrerUrl($url) {
if(strpos($url, '://') == false) {
$url = "http://".$url;
}
if(filter_var($url, FILTER_VALIDATE_URL) === false) {
return false;
}
return true;
}
Now it works fine with www.example.com but also accepts simple foo as it converts to http://foo. However though this is not a valid public url I think... so what would you suggest? Go back to traditional regexp?
I recommend, that you do not use filter_var with type URL.
There are much more side-effects.
For example, these are valid URLs according to filter_var:
http://example.com/"><script>alert(document.cookie)</script>
http://example.ee/sdsf"f
Additionally FILTER_VALIDATE_URL does not support internationalized domain names (IDN).
I recommend using a regex combined with some ifs afterwards (f.e. for the domain) for security reasons.
Without the security aspect I am using parse_url to take my parts. But this function has a similar issue, when the scheme (no http/https) is missing.
Use this
<?php
$url = 'www.example.com';
if(validateURL($url)){
echo "Valid";
}else{
echo "invalid";
}
function validateURL($URL) {
$pattern_1 = "/^(http|https|ftp):\/\/(([A-Z0-9][A-Z0-9_-]*)(\.[A-Z0-9][A-Z0-9_-]*)+.(com|org|net|dk|at|us|tv|info|uk|co.uk|biz|se)$)(:(\d+))?\/?/i";
$pattern_2 = "/^(www)((\.[A-Z0-9][A-Z0-9_-]*)+.(com|org|net|dk|at|us|tv|info|uk|co.uk|biz|se)$)(:(\d+))?\/?/i";
if(preg_match($pattern_1, $URL) || preg_match($pattern_2, $URL)){
return true;
} else{
return false;
}
}
?>
Try this one too
<?php
// Assign URL to $URL variable
$url = 'http://example.com';
// Check url using preg_match
if (preg_match("/^(https?:\/\/+[\w\-]+\.[\w\-]+)/i",$url)){
echo "Valid";
}else{
echo "invalid";
}
?>
I would like to know how to validate a vine.co URL using php
Here is a demo URL
https://vine.co/v/hnVVW2uQ1Z9
All vine.co URL's have https://vine.co/v/
So I' guessing that URL can be validated using regex by using https://vine.co/v/. If someone can point me out how to do this will be much appropriated.
Thank in advance.
No need of regex. Use stripos function:
// assuming $url is input URL to your code
$vineURL = 'https://vine.co/v/';
$pos = stripos($url, $vineURL);
if ($pos === 0) {
echo "The url '$url' is a vine URL";
}
else {
echo "The url '$url' is not a vine URL";
}
The regex for this would be very simple:
$pattern="#^https://vine.co/v/\w*$#i";
$input_url="https://vine.co/v/hnVVW2uQ1Z9";
if(preg_match($pattern, $input_url)){
echo "Valid URL";
} else {
echo "Invalid URL";
}
Using regex:
$url = 'https://vine.co/v/hnVVW2uQ1Z';
if (preg_match("#^https?://vine.co/v/[a-z0-9]{10}$#i", $url)) {
// valid
} else {
// invalid
}
If you're sure that the the string to validate will always be a URL, then you can simply check if it contains the vine URL format. This can be accomplished by using the less memory-intensive, stripos() function:
if (stripos(trim($url), 'https://vine.co/v/') !== FALSE) {
// valid
} else {
// invalid
}
Note: I'm using an older PHP version so FILTER_VALIDATE_URL is not available at this time.
After many many searches I am still unable to find the exact answer that can cover all URL structure possibilities but at the end I'm gonna use this way:
I'm using the following function
1) Function to get proper scheme
function convertUrl ($url){
$pattern = '#^http[s]?://#i';
if(preg_match($pattern, $url) == 1) { // this url has proper scheme
return $url;
} else {
return 'http://' . $url;
}
}
2) Conditional to check if it is a URL or not
if (preg_match("/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&##\/%?=~_|!:,.;]*[-a-z0-9+&##\/%=~_|]/i", $url)) {
echo "URL is valid";
}else {
echo "URL is invalid<br>";
}
Guess What!? It works so perfect for all of these possibilities:
$url = "google.com";
$url = "www.google.com";
$url = "http://google.com";
$url = "http://www.google.com";
$url = "https://google.com";
$url = "https://www.codgoogleekarate.com";
$url = "subdomain.google.com";
$url = "https://subdomain.google.com";
But still have this edge case
$url = "blahblahblahblah";
The function convertUrl($url) will convert this to $url = "http://blahblahblahblah";
then the regex will consider it as valid URL while it isn't!!
How can I edit it so that it won't pass a URL with this structure http://blahblahblahblah
If you want to validate internet url's, add a check for including a dot (.) character in your reg-ex.
Note: http://blahblahblah is a valid url as is http://localhost
Try this:
if (preg_match("/^(([\w]+:)?\/\/)?(([\d\w]|%[a-fA-f\d]{2,2})+(:([\d\w]|%[a-fA-f\d]{2,2})+)?#)?([\d\w][-\d\w]{0,253}[\d\w]\.)+[\w]{2,4}(:[\d]+)?(\/([-+_~.\d\w]|%[a-fA-f\d]{2,2})*)*(\?(&?([-+_~.\d\w]|%[a-fA-f\d]{2,2})=?)*)?(#([-+_~.\d\w]|%[a-fA-f\d]{2,2})*)?$/", $url)) {
echo "URL is valid";
}else {
echo "URL is invalid<br>";
}
Is this a good way to validate a posted URL?
if (filter_var($_POST['url'], FILTER_VALIDATE_URL)){
echo "valid url";
}else{
echo "invalid url";
}
This is what I wrote to start with, as I could show multiple error messages with it:
function validateURL($url)
{
$pattern = '/^(([\w]+:)?\/\/)?(([\d\w]|%[a-fA-f\d]{2,2})+(:([\d\w]|%[a-fA-f\d]{2,2})+)?#)?([\d\w][-\d\w]{0,253}[\d\w]\.)+[\w]{2,4}(:[\d]+)?(\/([-+_~.\d\w]|%[a-fA-f\d]{2,2})*)*(\?(&?([-+_~.\d\w]|%[a-fA-f\d]{2,2})=?)*)?(#([-+_~.\d\w]|%[a-fA-f\d]{2,2})*)?$/';
return preg_match($pattern, $url);
}
$result = validateURL($_POST['url']);
if ($result == "1"){
$scheme = parse_url($_POST['url'], PHP_URL_SCHEME);
if (isset($scheme)){
echo $scheme . "://" . parse_url($_POST['url'], PHP_URL_HOST);
}else{
echo "error you did not enter http://";
}
}else{
echo "your url is not a valid format";
}
I'd simply go for the build-in FILTER_VALIDATE_URL and use a generic error message like:
Invalid URL. Please remember to input http:// as well.
If you're nice you could check if the first 7/8 letters are http:// or https:// and prepend them if not.
Coming up with and maintaining such a RegEx is not something you should get into if the problem is already solved. There's also usually no need to be any more detailed in the error message, unless you're in the business of explaining URL formats.
Have you checked this out Kyle, http://phpcentral.com/208-url-validation-in-php.html
I think simple
filter_var($var, FILTER_VALIDATE_URL)
and checking the protocol by strpos() is enough because user can, if wants to, give you the wrong (which does not exists) url.
Of course you can check if domain exists and return valid http status but I think it is little overstatement.