check my syntax - security and performance


ixcese


Hi,

 

I have this regex which checks for a valid URL (web address):

"/^(http|https|ftp):\/\/(www\.)?([A-Z0-9][A-Z0-9_-]*\.)?[A-Z0-9][A-Z0-9_-]*\.[A-Z]{2,3}(\.[A-Z]{2,3}){0,1}(\/){0,1}(.+)?$/i"

My question is: is this regex good enough?

What about the performance?

And the security: is this regex doing well for its goal, checking for a valid URL?

 

Thank you.

I like the fact that it matches

ftp://A.US.A879__*@@&&=+=+()<script="javascript_hackme"||DROP_MY_TABLE

 

That's highly original for a "web address" checker. ;)

 

I'd suggest starting over and using something off the shelf.

Let's see, taking something from the RB library, how about this?

 

\b(https?|ftp|file)://[-A-Z0-9+&@#/%?=~_|$!:,.;]*[A-Z0-9+&@#/%=~_|$]

 

Not saying that's the perfect regex, but perhaps a better place to start.

 

Wishing you a fun week

Hi ixcese,

 

do you think the expression I gave you from the RB library might work for you?

Or do you have special requirements?

It's quite a large project and I don't want to mess up this one.

I was looking for something "heavy" in some way, yeah you can laugh :)

I've tried the code you gave me but it gives me errors.

-Code:

$url = 'http//google.com/';
if(preg_match("\b(https?|ftp|file)://[-A-Z0-9+&@#/%?=~_|$!:,.;]*[A-Z0-9+&@#/%=~_|$]", $url)){
	echo '1';
}

 

-Error:

Warning: preg_match() [function.preg-match]: Delimiter must not be alphanumeric or backslash

 

 

Yes, I gave you the pure regex.

To use it in PHP, we just need to wrap it in delimiters.

As a working starting point from which we can refine the expression to what you want, try this:

 

$url = 'http://google.com/';
if(preg_match("~^http://[a-z0-9-]+\.[a-z]{2,5}/?$~i", $url)){
	echo '1';
}

This is borrowing from another thread from today (http://www.phpfreaks.com/forums/index.php?topic=353226.0).

 

(The delimiter in this pattern is !.)

 


 

Sorry, I meant ~.

 

Next, you can add an optional s: https? instead of http.

You can allow ftp if you like: (?:https?|ftp) instead of https?

You can add an optional www.: (?:www\.)?

You can add optional DOT-subdomains: (?:\.[a-z0-9-]+)*

You can add characters to the classes.

Etc.
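
An added example, not part of any post in this thread: it runs the original poster's pattern beside the last reply's pattern with the suggested pieces assembled (scheme alternation, optional www., dot-subdomains). The samples are the strings quoted in the thread plus constructed ones, and the variant with the `D` modifier is an addition here, because without it `$` also matches just before a trailing newline.

```php
<?php
// Added example; the variable names and the sample list are not from the thread.

// The original poster's pattern, unchanged. Its trailing (.+)? accepts any tail.
$original = '/^(http|https|ftp):\/\/(www\.)?([A-Z0-9][A-Z0-9_-]*\.)?'
          . '[A-Z0-9][A-Z0-9_-]*\.[A-Z]{2,3}(\.[A-Z]{2,3}){0,1}(\/){0,1}(.+)?$/i';

// The last reply's starting pattern with its suggested pieces put together.
$assembled = '~^(?:https?|ftp)://(?:www\.)?[a-z0-9-]+(?:\.[a-z0-9-]+)*'
           . '\.[a-z]{2,5}/?$~i';

// Same pattern with PCRE's D modifier (dollar-end-only), added here so that
// "$" no longer matches in front of a final newline.
$anchored = $assembled . 'D';

$samples = [
    'http://google.com/',                 // from the thread
    'http//google.com/',                  // from the thread (missing colon)
    'https://www.example.co.uk',          // constructed
    'ftp://A.US.A879__*@@&&=+=+()<script="javascript_hackme"||DROP_MY_TABLE', // from the thread
    "http://google.com/\n",               // constructed: trailing newline
];

/**
 * Return 1/0 match results of one input against the three patterns.
 */
function check_url(string $input, array $patterns): array
{
    $result = [];
    foreach ($patterns as $name => $pattern) {
        $result[$name] = preg_match($pattern, $input);
    }
    return $result;
}

$patterns = ['original' => $original, 'assembled' => $assembled, 'anchored' => $anchored];

foreach ($samples as $sample) {
    $r = check_url($sample, $patterns);
    printf("original=%d assembled=%d anchored=%d  %s\n",
        $r['original'], $r['assembled'], $r['anchored'],
        addcslashes($sample, "\n"));   // show the newline as \n
}
```

The assembled pattern accepts only a scheme, host and optional trailing slash; paths and query strings need their own explicitly listed characters rather than a catch-all like `(.+)?`.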
