Re: Re: Php filter validate url

Jim Lucas <lists@xxxxxxxxx> · Mon, 27 Jun 2011 08:34:14 -0700

On 6/27/2011 8:25 AM, Plamen Ivanov wrote:
> On Mon, Jun 27, 2011 at 11:14 AM, Shawn McKenzie <nospam@xxxxxxxxxxxxx> wrote:
>> On 06/27/2011 10:01 AM, Plamen Ivanov wrote:
>>> On Sun, Jun 26, 2011 at 5:44 PM, Shawn McKenzie <nospam@xxxxxxxxxxxxx> wrote:
>>>>
>>>> On 06/26/2011 12:31 PM, Adam Tong wrote:
>>>>> Hi,
>>>>>
>>>>> I wanted tu use php filters for validation to avoid regular expresions.
>>>>> Is it possible that FILTER_VALIDATE_URL only checks if the string has
>>>>> http:// and do not check for the format domain.something?
>>>>> ----
>>>>> $url = 'http://wwwtestcom';
>>>>> $url = filter_var($url,FILTER_VALIDATE_URL);
>>>>> echo $url;
>>>>> -----
>>>>>
>>>>> Or I am doing something wrong
>>>>>
>>>>> Thank you
>>>>
>>>> Unless I'm totally misunderstanding what you want (validate that a
>>>> string starts with http://) try:
>>>>
>>>> if(strpos($url, 'http://') === 0) {
>>>>   //starts with http://
>>>> } esle {
>>>>   // does not start with http://
>>>> }
>>>>
>>>> --
>>>> Thanks!
>>>> -Shawn
>>>> http://www.spidean.com
>>>>
>>>> --
>>>> PHP General Mailing List (http://www.php.net/)
>>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>>
>>>
>>> Another possible solution could be:
>>>
>>> $ary = explode('://', $url);
>>> if (1 >= count($ary)) {
>>>     echo 'No schema specified!';
>>> } else {
>>>     // Schema specified.
>>>     // $ary[0] is the protocol
>>>     $allowed = array('http', 'https');
>>>     if (FALSE == in_array($ary[0], $allowed) {
>>>         // Protocol not valid!
>>>         exit(1); // or return FALSE; whatever...
>>>     }
>>>     // $ary[1] is the uri, validate with filter_var().
>>> }
>>>
>>> Hope this helps.
>>
>> May make more sense to use parse_url() than explode.
>>
>> --
>> Thanks!
>> -Shawn
>> http://www.spidean.com
>>
> 
> http://php.net/manual/en/function.parse-url.php
> "This function is not meant to validate the given URL..."
> 
> I would use parse_url() after URL validation.
> 

Shawn meant to use parse_url() in place of your explode statement.  He didn't
say to use parse_url() as a method to validate the url.

He said it would make more sense to do the following.

Also, use strict type matching if you want to compare against boolean(FALSE)

$allowed = array('http', 'https');

$scheme = parse_url($url, PHP_URL_SCHEME);

if (FALSE === in_array($scheme, $allowed) {
  // Protocol not valid!
  exit(1); // or return FALSE; whatever...
}

Seems a little less muddy to me.

Jim Lucas

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php