Securing a usersubmitted link

AliceH

I'm creating a guestbook where users can post links to their website. Anyways what is the best way to secure the url so it's actually not a fake hackers link or something?

just strip htmlspecialchars(stripslashes(trim($url ??

Thanks guys 🙂

sid

you obviously cant actually control the content of the linked page, but you can make sure that the syntax is valid:

if (ereg("^(http|https|ftp)\://[a-zA-Z0-9\-\.]+\.[a-zA-Z]{2,}(:[a-zA-Z0-9]*)?/?([a-zA-Z0-9\-\._\?\,\'/\\\+&%\$#\=~])*$ ", $_POST['url'])) {
    print "url is valid";
}
else {
    print "url is invalid";
}

(thats at least the regex i use ;-) )

AliceH

Thank you very much sid 🙂

That's exactly the answer I needed!