regular expression which validates a relative URL

Question

How would I validate a string to check that it is safe for a URL. No spaces or special characters in the filename which may break the URL in gmail.

E.g: data/Logo - free.png would be invalid

I would only like: "a-z", "0-9", ".", "-", "_"

There are hundreds of questions for validating URLs on here but they all seem to check if it contains "http" which I dont need.

UPDATE with working code (from @minitech):

// validate filename
if (preg_match('/[^\w.-]/', basename($logo))){
    $error = true
}

It doesn't need to check if the URL exists, just checking that there are no spaces or special characters — John Magnolia, Dec 16 '12 at 16:57
[what-is-the-best-regular-expression-to-check-if-a-string-is-a-valid-url][1] [1]: http://stackoverflow.com/questions/161738/what-is-the-best-regular-expression-to-check-if-a-string-is-a-valid-url — FLF, Dec 16 '12 at 17:01

score 4 · Answer 1 · edited Jun 10 '16 at 20:29

I am not a big fan of regex so I fixed PHP's internal filter_var, it seems to have a problem with relative URL's. I use this workaround:

function isValid($url)
{
    if (parse_url($url, PHP_URL_SCHEME) != '') {
        // URL has http/https/...
        return !(filter_var($url, FILTER_VALIDATE_URL) === false);
    }else{
        // PHP filter_var does not support relative urls, so we simulate a full URL
        // Feel free to replace example.com with any other URL, it won't matter!
        return !(filter_var('http://www.example.com/'.ltrim($url,'/'), FILTER_VALIDATE_URL) === false);
    }
}

PS: Beware of the security problems in filter_var: https://d-mueller.de/blog/why-url-validation-with-filter_var-might-not-be-a-good-idea/

score 1 · Accepted Answer · answered Dec 16 '12 at 16:58

1

Just taking it right from what you listed:

$valid = !preg_match('/[^\w.-]/', $name);

You might consider just escaping it using urlencode, depending on the situation.

answered Dec 16 '12 at 16:58

Ry-

218,210
55
464
476

you are missing quantifier – Anirudha Dec 16 '12 at 17:00
@Some1.Kill.The.DJ: No, I'm inverting the match. valid = does *not* contain things that are *not* `\w`, `.`, or `-`. – Ry- Dec 16 '12 at 17:01
This returns true every time – John Magnolia Dec 16 '12 at 17:02
1

@minitech correct - I had it inside a IF statement so I just needed to remove the ! – John Magnolia Dec 16 '12 at 17:10

score 0 · Answer 3 · answered Dec 16 '12 at 16:59

0

Use this regex to check for valid filename

 ^.*/[\w.-]+$

answered Dec 16 '12 at 16:59

Anirudha

32,393
7
68
89

You're missing a starting anchor. – Ry- Dec 16 '12 at 17:01
@minitech no need of it..just checking the filename at the end – Anirudha Dec 16 '12 at 17:02
@JohnMagnolia yes you need to put it in between `/^.*/[\w.-]+$/` – Anirudha Dec 16 '12 at 17:02
@Some1.Kill.The.DJ: Oh, you're validating a URL. The question isn't about validating the URL, though. It's about making sure that the entire string is those characters. (At least, that's what I understood...) – Ry- Dec 16 '12 at 17:03

regular expression which validates a relative URL

3 Answers3