Is FILTER_VALIDATE_URL being too strict?

Question

In PHP, filter_var(\'www.example.com\', FILTER_VALIDATE_URL) returns false. Is this correct? Isn\'t www.example.com a valid URL, or protoc

Answer 1

The URL have to correspond with the rules set forward in RFC 2396, and according to that spec the protocol is necessary.

Answer 2

The scheme ("protocol") part is required for FILTER_VALIDATE_URL.

Answer 3

In addition to Paul Dixon's answer I want to say that you can use flags for FILTER_VALIDATE_URL to specify which part of the URL must be presented.

FILTER_FLAG_SCHEME_REQUIRED
FILTER_FLAG_HOST_REQUIRED
FILTER_FLAG_PATH_REQUIRED
FILTER_FLAG_QUERY_REQUIRED

Since PHP 5.2.1 FILTER_FLAG_SCHEME_REQUIRED and FILTER_FLAG_HOST_REQUIRED flags used by default and, unfortunately, there is no way to disable them (you can't do something like filter_var($url, FILTER_VALIDATE_URL, ~FILTER_FLAG_SCHEME_REQUIRED); if the existence of the URL scheme part does not necessarily). It seems like a bug for me. There is a relative bugreport.

Answer 4

It's not a valid URL. Prefixing things with http:// was never a very user-friendly thing, so modern browsers assume you mean http if you just enter a domain name. Software libraries are, rightly, a little bit more picky!

One approach you could take is passing the string through parse_url, and then adding any elements which are missing, e.g.

if ( $parts = parse_url($url) ) {
   if ( !isset($parts["scheme"]) )
   {
       $url = "http://$url";
   }
}

Interestingly, when you use FILTER_VALIDATE_URL, it actually uses parse_url internally to figure out what the scheme is (view source). Thanks to salathe for spotting this in the comments below.