4.6 common.inc valid_url($url, $absolute = FALSE)
4.7 common.inc valid_url($url, $absolute = FALSE)
5 common.inc valid_url($url, $absolute = FALSE)
6 common.inc valid_url($url, $absolute = FALSE)
7 common.inc valid_url($url, $absolute = FALSE)

Verifies the syntax of the given URL.

This function should only be used on actual URLs. It should not be used for Drupal menu paths, which can contain arbitrary characters. Valid values per RFC 3986.


$url: The URL to verify.

$absolute: Whether the URL is absolute (beginning with a scheme such as "http:").

Return value

TRUE if the URL is in a valid format.

Related topics

11 calls to valid_url()
aggregator_form_feed_validate in modules/aggregator/aggregator.admin.inc
Form validation handler for aggregator_form_feed().
aggregator_form_opml_submit in modules/aggregator/aggregator.admin.inc
Form submission handler for aggregator_form_opml().
aggregator_form_opml_validate in modules/aggregator/aggregator.admin.inc
Form validation handler for aggregator_form_opml().
comment_form_validate in modules/comment/comment.module
Validate comment form submissions.
CommonURLUnitTest::testDrupalParseUrl in modules/simpletest/tests/common.test
Test drupal_parse_url().

... See full list


includes/common.inc, line 1237
Common functions that many Drupal modules will need to reference.


function valid_url($url, $absolute = FALSE) {
  if ($absolute) {
    return (bool) preg_match("
      /^                                                      # Start at the beginning of the text
      (?:ftp|https?|feed):\/\/                                # Look for ftp, http, https or feed schemes
      (?:                                                     # Userinfo (optional) which is typically
        (?:(?:[\w\.\-\+!$&'\(\)*\+,;=]|%[0-9a-f]{2})+:)*      # a username or a username and password
        (?:[\w\.\-\+%!$&'\(\)*\+,;=]|%[0-9a-f]{2})+@          # combination
        (?:[a-z0-9\-\.]|%[0-9a-f]{2})+                        # A domain name or a IPv4 address
        |(?:\[(?:[0-9a-f]{0,4}:)*(?:[0-9a-f]{0,4})\])         # or a well formed IPv6 address
      (?::[0-9]+)?                                            # Server port number (optional)
        (?:[\w#!:\.\?\+=&@$'~*,;\/\(\)\[\]\-]|%[0-9a-f]{2})   # The path and query (optional)
    $/xi", $url);
  else {
    return (bool) preg_match("/^(?:[\w#!:\.\?\+=&@$'~*,;\/\(\)\[\]\-]|%[0-9a-f]{2})+$/i", $url);


It seems like, there are some problems with the validation pattern, please check @diegoperini in http://mathiasbynens.be/demo/url-regex, I used it and it works fine with me.

The function returns TRUE for invalid URL too.

Fuction has error, Returns TRUE for wrong url also.

If you pass the second argument as TRUE, then this function is returning TRUE for Absolute URL like valid_url($url, TRUE);

This function always return FALSE for right cyrillic url, such us http://яндекс.рф

This function isn't perfect... a different option is to use PHP's built in filter_var function:

filter_var($url, FILTER_VALIDATE_URL)

Also not perfect, but perhaps better.

I can confirm that this function fails to catch some incorrect values passed to it (in my case, an absolute URL missing the '.com' at the end). Is there a reason why this has not been fixed?

I assume that it wasn't fixed because technically speaking, it is not broken. The official standard for URL's does not require a TLD like ".com". For instance, if you are a developer you probably know that http://localhost is a perfectly valid URL.

This function return false when there are _(underscore) in the URL.
The problem is explained in this tread