Your preferred method of validating a URL format?

schwim

For clarification, I don't want to ensure that the site exists, I just want to ensure that it's formatted correctly.

I'm finding this most of the places I look:

// SCHEME
$urlregex = "^(https?|ftp)\:\/\/";

// USER AND PASS (optional)
$urlregex .= "([a-z0-9+!*(),;?&=\$_.-]+(\:[a-z0-9+!*(),;?&=\$_.-]+)?@)?";

// HOSTNAME OR IP
$urlregex .= "[a-z0-9+\$_-]+(\.[a-z0-9+\$_-]+)*"; // http://x = allowed (ex. http://localhost, http://routerlogin)
//$urlregex .= "[a-z0-9+\$_-]+(\.[a-z0-9+\$_-]+)+"; // http://x.x = minimum
//$urlregex .= "([a-z0-9+\$_-]+\.)*[a-z0-9+\$_-]{2,3}"; // http://x.xx(x) = minimum
//use only one of the above

// PORT (optional)
$urlregex .= "(\:[0-9]{2,5})?";
// PATH (optional)
$urlregex .= "(\/([a-z0-9+\$_-]\.?)+)*\/?";
// GET Query (optional)
$urlregex .= "(\?[a-z+&\$_.-][a-z0-9;:@/&%=+\$_.-]*)?";
// ANCHOR (optional)
$urlregex .= "(#[a-z_.-][a-z0-9+\$_.-]*)?\$";

// check
if (eregi($urlregex, $url)) {echo "good";} else {echo "bad";}

but the flaw I see in this is that http://dbasdfg validates. No tld seems to be necessary.

Anyone have a favorite snippet for ensuring a URL is a valid format?

thanks,
json

NogDog

First: no, I don't have a favorite pattern.

This is one of those things you want to be careful with, as depending on what you are doing it might be better to be too lenient rather than too strict. If your pattern isn't perfect it might end up with false negatives, and that's the problem with grabbing something off the 'net: how sure can you be that any pattern you find completely and exactly adheres to the HTTP specification and won't reject something that is actually a valid URL?

schwim

Fair point sir. In that case, can I ask you how you would simply ensure that the URL started with "http://" and if it didn't, add it so resulting HTML wouldn't treat it as a local URL?

NogDog

As far as http goes, you could do:

if(preg_match('#^https?://#i', $string))
{
   // OK
}

If you want to include FTP:

if(preg_match('#^(ht|f)tps?://#i', $string))
{
   // OK
}

schwim

Thanks very much for that, nog. I think that will suit my purposes just fine.

thanks,
json

Weedpacket

I tend to use [man]parse_url[/man] first, and then make sure the pieces look sensible for my current purposes. If the string's wildly misformatted, though (basically, if it fails the regular expression given in RFC3986), it will trigger a warning.