Properly validating a link?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Citizen
Forum Contributor
Posts: 300
Joined: Wed Jul 20, 2005 10:23 am

Properly validating a link?

Post by Citizen »

Currently, I'm using this to validate user submitted links:

Code: Select all

 
function validLink($link) {
    if(preg_match("/http:\/\//", $link)) {
        return true;
    } else {
        return false;
    }
}
 
But I'm not confident that after this simple check, that the link is safe to echo out in the page in this manner:

Code: Select all

echo"<a href='$link'>Click here</a>";
Doesnt that open it up to XSS and invalid links?
User avatar
mfrank410
Forum Newbie
Posts: 4
Joined: Fri Feb 27, 2009 1:45 pm
Location: Toronto, Canada

Re: Properly validating a link?

Post by mfrank410 »

You could use cURL to read the page content the link is suppose to point to and check to make sure you get response code 200 back.
Citizen
Forum Contributor
Posts: 300
Joined: Wed Jul 20, 2005 10:23 am

Re: Properly validating a link?

Post by Citizen »

Right, but what if its not an active link? What I'm looking for is a way to just test to see if it 'looks' like a valid link and has no invalid characters. (or remove invalid characters). I don't know enough about link standards to define exactly what isnt allowed; I'm hoping someone has an existing validateLink function.
Post Reply