Community Snippets / admin / Validate URL (scheme + host)
PHP

Validate URL (scheme + host)

admin by @admin ADMIN
1d ago
May 31, 2026
Public
0 0 up · 0 down Sign in to vote
Beyond filter_var, also require the URL to have an http(s) scheme and a non-empty host. Rejects "javascript:" and other risky pseudo-schemes commonly seen in stored XSS.
PHP
Raw 
<?php
function isValidHttpUrl(string $url): bool {
    if (!filter_var($url, FILTER_VALIDATE_URL)) return false;
    $parts = parse_url($url);
    if (!$parts || empty($parts['host'])) return false;
    return in_array(strtolower($parts['scheme'] ?? ''), ['http', 'https'], true);
}

var_dump(isValidHttpUrl('https://example.com'));        // true
var_dump(isValidHttpUrl('javascript:alert(1)'));        // false
var_dump(isValidHttpUrl('ftp://files.example.com'));    // false
Tags
php validation url security

Save your own code snippets

Create a free account and build your private vault. Share publicly whenever you want.

Get Started Free Sign In