check my syntax - security and performance


Hi,

 

I have this regex which checks for a valid URL = web address

"/^(http|https|ftp):\/\/(www\.)?([A-Z0-9][A-Z0-9_-]*\.)?[A-Z0-9][A-Z0-9_-]*\.[A-Z]{2,3}(\.[A-Z]{2,3}){0,1}(\/){0,1}(.+)?$/i"

My question is, is this regex good enough?

What about the performance?

And the security, is this regex doing good for its goal? Checking for a valid URL..

 

Thank you..

I like the fact that it matches

ftp://A.US.A879__*@@&&=+=+()<script="javascript_hackme"||DROP_MY_TABLE

 

That's highly original for a "web address" checker. ;)

 

I'd suggest starting over and using something off the shelf.

Let's see, taking something from the RB library, how about this?

 

\b(https?|ftp|file)://[-A-Z0-9+&@#/%?=~_|$!:,.;]*[A-Z0-9+&@#/%=~_|$]

 

Not saying that's the perfect regex, but perhaps a better place to start.

 

Wishing you a fun week

Hi ixcese,

 

do you think the expression I gave you from the RB library might work for you?

Or do you have special requirements?

It's quite a large project and I don't want to mess up this one..

I was looking for something "heavy" in some way, yeah you can laugh :)

I've tried the code you gave me but it gives me errors..

-Code:

$url = 'http//google.com/';
if(preg_match("\b(https?|ftp|file)://[-A-Z0-9+&@#/%?=~_|$!:,.;]*[A-Z0-9+&@#/%=~_|$]", $url)){
	echo '1';
}

 

-Error:

Warning: preg_match() [function.preg-match]: Delimiter must not be alphanumeric or backslash

 

 

Yes, I gave you the pure regex.

To use it in PHP, we just need to wrap it in delimiters.

As a working starting point from which we can refine the expression to what you want, try this:

 

$url = 'http://google.com/';
if(preg_match("~^http://[a-z0-9-]+\.[a-z]{2,5}/?$~i", $url)){
	echo '1';
}

This is borrowing from another thread from today (http://www.phpfreaks.com/forums/index.php?topic=353226.0).

 

(The delimiter in this pattern is !.)

 


Sorry, I meant ~.

 

Next, you can add an optional s: https? instead of http.

You can allow ftp if you like: (?:https?|ftp) instead of https?

You can add an optional www.: (?:www\.)?

You can add optional DOT-subdomains: (?:\.[a-z0-9-]+)*

You can add characters to the classes.

Etc.
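
The patterns from this thread run side by side, as an added example that is not code from any poster. It goes a little beyond the posts by also testing a newline-terminated input; the order in which the suggested pieces are assembled, the D modifier, the helper name verdict() and the inputs marked "constructed" are assumptions.

```php
<?php
// Added example, not code from the thread.

// Pattern from the first post, unchanged (single quotes keep the backslashes as written).
$original = '/^(http|https|ftp):\/\/(www\.)?([A-Z0-9][A-Z0-9_-]*\.)?[A-Z0-9][A-Z0-9_-]*\.[A-Z]{2,3}(\.[A-Z]{2,3}){0,1}(\/){0,1}(.+)?$/i';

// Starting pattern from the last post with its listed additions applied.
// Assumption: the order of the pieces; the post lists them without placing them.
$assembled = '~^(?:https?|ftp)://(?:www\.)?[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,5}/?$~i';

// Assumption (not in the thread): add the D modifier so "$" matches only at
// the very end of the subject, not also just before a trailing newline.
$anchored = $assembled . 'D';

$samples = [
    'http://google.com/',                   // from the thread
    'http//google.com/',                    // from the thread (missing colon)
    'ftp://A.US.A879__*@@&&=+=+()<script="javascript_hackme"||DROP_MY_TABLE', // from the thread
    'https://www.sub.example.com',          // constructed
    'http://google.com/search?q=regex',     // constructed: path and query
    "http://google.com/\n",                 // constructed: trailing newline
];

// Hypothetical helper: run one pattern and report the outcome as text.
function verdict(string $pattern, string $subject): string
{
    $result = preg_match($pattern, $subject);
    if ($result === false) {
        return 'error';                     // pattern failed to compile or run
    }
    return $result === 1 ? 'match' : 'no';
}

printf("%-42s %-9s %-10s %s\n", 'input', 'original', 'assembled', 'anchored');
foreach ($samples as $s) {
    $shown = substr(str_replace("\n", '\n', $s), 0, 40);
    printf("%-42s %-9s %-10s %s\n", $shown,
        verdict($original, $s), verdict($assembled, $s), verdict($anchored, $s));
}
```

The first post's pattern accepts the string quoted in the second post because its trailing (.+)? matches anything after the domain. The assembled pattern rejects that string, but it also rejects any URL with a path or query until those characters are added to the classes.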
