4.6.x common.inc valid_url($url, $absolute = FALSE)
4.7.x common.inc valid_url($url, $absolute = FALSE)
5.x common.inc valid_url($url, $absolute = FALSE)
6.x common.inc valid_url($url, $absolute = FALSE)
7.x common.inc valid_url($url, $absolute = FALSE)

Verifies the syntax of the given URL.

This function should only be used on actual URLs. It should not be used for Drupal menu paths, which can contain arbitrary characters. Valid values per RFC 3986.


$url: The URL to verify.

$absolute: Whether the URL is absolute (beginning with a scheme such as "http:").

Return value

TRUE if the URL is in a valid format.

Related topics

11 calls to valid_url()
aggregator_form_feed_validate in modules/aggregator/aggregator.admin.inc
Form validation handler for aggregator_form_feed().
aggregator_form_opml_submit in modules/aggregator/aggregator.admin.inc
Form submission handler for aggregator_form_opml().
aggregator_form_opml_validate in modules/aggregator/aggregator.admin.inc
Form validation handler for aggregator_form_opml().
comment_form_validate in modules/comment/comment.module
Validate comment form submissions.
CommonURLUnitTest::testDrupalParseUrl in modules/simpletest/tests/common.test
Test drupal_parse_url().

... See full list


includes/common.inc, line 1247
Common functions that many Drupal modules will need to reference.


function valid_url($url, $absolute = FALSE) {
  if ($absolute) {
    return (bool) preg_match("
      /^                                                      # Start at the beginning of the text
      (?:ftp|https?|feed):\/\/                                # Look for ftp, http, https or feed schemes
      (?:                                                     # Userinfo (optional) which is typically
        (?:(?:[\w\.\-\+!$&'\(\)*\+,;=]|%[0-9a-f]{2})+:)*      # a username or a username and password
        (?:[\w\.\-\+%!$&'\(\)*\+,;=]|%[0-9a-f]{2})+@          # combination
        (?:[a-z0-9\-\.]|%[0-9a-f]{2})+                        # A domain name or a IPv4 address
        |(?:\[(?:[0-9a-f]{0,4}:)*(?:[0-9a-f]{0,4})\])         # or a well formed IPv6 address
      (?::[0-9]+)?                                            # Server port number (optional)
        (?:[\w#!:\.\?\+=&@$'~*,;\/\(\)\[\]\-]|%[0-9a-f]{2})   # The path and query (optional)
    $/xi", $url);
  else {
    return (bool) preg_match("/^(?:[\w#!:\.\?\+=&@$'~*,;\/\(\)\[\]\-]|%[0-9a-f]{2})+$/i", $url);


wdakamal’s picture

It seems like, there are some problems with the validation pattern, please check @diegoperini in http://mathiasbynens.be/demo/url-regex, I used it and it works fine with me.

a_thakur’s picture

The function returns TRUE for invalid URL too.

shekhar_juneja’s picture

Fuction has error, Returns TRUE for wrong url also.

Jalandhar’s picture

If you pass the second argument as TRUE, then this function is returning TRUE for Absolute URL like valid_url($url, TRUE);

kala4ek’s picture

This function always return FALSE for right cyrillic url, such us http://яндекс.рф

ohthehugemanatee’s picture

This function isn't perfect... a different option is to use PHP's built in filter_var function:

filter_var($url, FILTER_VALIDATE_URL)

Also not perfect, but perhaps better.

formatC'vt’s picture

mpoplin’s picture

I can confirm that this function fails to catch some incorrect values passed to it (in my case, an absolute URL missing the '.com' at the end). Is there a reason why this has not been fixed?

marcvangend’s picture

I assume that it wasn't fixed because technically speaking, it is not broken. The official standard for URL's does not require a TLD like ".com". For instance, if you are a developer you probably know that http://localhost is a perfectly valid URL.

dafnie’s picture

This function return false when there are _(underscore) in the URL.
The problem is explained in this tread

GiorgosK’s picture

This function fails to accept URLs with UTF8 characters in it in particular greek characters (also cyrillic as mention above)
example https://www.facebook.com/ΑΝΤΩΝΗΣ-ΜΙΤΖΕΛΟΣADONIS-MITZELOS-42758056678 not valid for this function

also tried replacing it with filter_var($url, FILTER_VALIDATE_URL) === FALSE
as per this solution http://stackoverflow.com/questions/2058578/best-way-to-check-if-a-url-is...
but still does not accept Greek and also does not accept underscore in URL (first mentioned from dafnie above

perhaps a function that checks if the URL is reachable as presented on following link is a better solution ?

is there a bug report for this ?

mikeyjk’s picture

I think the URL needs to be encoded before validating:


I.e. that -should- pass validation.
For instance if you access this URL in chrome/firefox and inspect your network traffic, you should actually see a GET request to that URL rather than the URL with the international characters.

I have a loose preference for using PHP's filter_var() - but it's not necessarily clear to me which approach is better. I'm a little biased -against- regex though :).

Edit: after playing around, filter_var() doesn't really seem like that great of a solution, the flags assume a fully fleshed out URL, including scheme... valid_url() seems to think 'www.google.com@@' is valid as well..

How did you end up going with this?