validate URL by FILTER_VALIDATE_URL

Question

I am validating URL by FILTER_VALIDATE_URL function.

$url_1 = "http://example.com";
$url_2 = "http://http://example.com";

if (filter_var($url_1, FILTER_VALIDATE_URL)) {
    echo "URL is valid";
}
else {
    echo "URL is invalid";
}

It's giving me valid URL message in $url_1 and $url_2. It shouldn't be like that. second URL is not valid. What's the correct way to solve this issue? Thanks.

May be worth a read: *Validates value as URL (according to » http://www.faqs.org/rfcs/rfc2396)* — ʰᵈˑ, Oct 21 '14 at 14:41
Because the second url ***is*** technically valid, the domain name has to be in the RFC1037 format, which is a file access protocol. Therefore it has to allow for usernames, passwords and path specifiers: `http://foo:bar@somesite.org` is valid, and so if there were a user `http`, a `//` containing password should be valid, too: `https://http://myPass@foo.bar` has to be valid, too. Does it make sense? No, but the URL is parseable, so technically, it's valid — Elias Van Ootegem, Oct 21 '14 at 14:46

score 2 · Answer 1 · edited May 23 '17 at 12:22

As per the docs on validation filters, FILTER_VALIDATE_URL will validate the URL to the RFC 2396 standards.

There's also been discussion on examples that still pass the FILTER_VALIDATE_URL filter.

This means you can use the filter to do some validation, but you can't depend on it solely if you need a 100% valid URL as certain conditions would still satisfy the RFC, plus a valid URL could still return a 404.

Your best approach to test a valid URL is to actually test the URL itself after validating it as per this SO answer

score 0 · Answer 2 · answered Oct 21 '14 at 14:46

0

You can use the PHP function checkdnsrr() to check DNS records corresponding to a given Internet host name or IP address :

$url = "wrong_url.com";
if(filter_var($url, FILTER_VALIDATE_URL) && checkdnsrr(($url),"A")) {
    echo "URL is valid";
}
else {
    echo "URL is invalid";
}

answered Oct 21 '14 at 14:46

Magicprog.fr

4,072
4
26
35

@RonakPatel: `checkdnsrr` takes a host name not a URL. – AbraCadaver Oct 21 '14 at 15:24
@MagicProg.fr: `FILTER_VALIDATE_URL` needs a URL with protocol/scheme. – AbraCadaver Oct 21 '14 at 15:27

score 0 · Answer 3 · answered Oct 21 '14 at 14:50

It's been filed as a bug before:

https://bugs.php.net/bug.php?id=64173

and

https://bugs.php.net/bug.php?id=65141

but it's conform the RFC: http://www.ietf.org/rfc/rfc2396.txt

Quick BNF evaluation

absoluteURI
    scheme http
    :
    hier_part
        net_path
            //
            authority
                server
                    hostport http:

            abs_path
                /
                segment
                segment /www.google.com

You can use other, stricter functions if you like: https://github.com/franksrevenge/StrictUrlValidator

validate URL by FILTER_VALIDATE_URL

3 Answers3

Linked