Best regex to use for URL verification?

The_PHP_Newb

I don't really need to validate a URL. I just need to make sure the characters being sent in are valid characters we'd see in a complex URL string. Among other precautions already in place, I'm trying my best to prevent against injection.

This is the regex I'm using now:

eregi("[^(http|https)\://[a-zA-Z0-9\-\.]+\.[a-zA-Z]{2,3}(:[a-zA-Z0-9]*)?/?([a-zA-Z0-9\-\._\?\,\'/\\\+&amp;%\$#\=~])*$]", $url )

That is working well until we get to the & symbol.

This URL:
http://www.something.com/test.php?a=b&c=d

Comes out like this:
http://www.something.com/test.php?a=b

Can someone adjust what I have OR show me a better example to simply keep unwanted characters out of the URL string?

Weedpacket

[man]parse_url[/man] should simplify the job. See also [man]parse_str[/man].

nrg_alpha

Weedpacket;10885999 wrote:
[man]parse_url[/man] should simplify the job. See also [man]parse_str[/man].

Man, PHP has so many little yet useful goodies!

I noticed you are using ereg.. my advice, switch to PCRE (Perl Compatible Regular Expressions - a la 'preg') instead. As of PHP6, the support for POSIX (which ereg is part of) will be dropped natively.