4.6.x common.inc valid_url($url, $absolute = FALSE)
4.7.x common.inc valid_url($url, $absolute = FALSE)
5.x common.inc valid_url($url, $absolute = FALSE)
6.x common.inc valid_url($url, $absolute = FALSE)
7.x common.inc valid_url($url, $absolute = FALSE)

Verify the syntax of the given URL.

This function should only be used on actual URLs. It should not be used for Drupal menu paths, which can contain arbitrary characters. Valid values per RFC 3986.


$url: The URL to verify.

$absolute: Whether the URL is absolute (beginning with a scheme such as "http:").

Return value

TRUE if the URL is in a valid format.

Related topics

3 calls to valid_url()
aggregator_form_feed_validate in modules/aggregator/aggregator.admin.inc
Validate aggregator_form_feed form submissions.
comment_validate in modules/comment/comment.module
Validate comment data.
profile_validate_profile in modules/profile/profile.module


includes/common.inc, line 1049
Common functions that many Drupal modules will need to reference.


function valid_url($url, $absolute = FALSE) {
  if ($absolute) {
    return (bool) preg_match("
      /^                                                      # Start at the beginning of the text
      (?:ftp|https?|feed):\/\/                                # Look for ftp, http, https or feed schemes
      (?:                                                     # Userinfo (optional) which is typically
        (?:(?:[\w\.\-\+!$&'\(\)*\+,;=]|%[0-9a-f]{2})+:)*      # a username or a username and password
        (?:[\w\.\-\+%!$&'\(\)*\+,;=]|%[0-9a-f]{2})+@          # combination
        (?:[a-z0-9\-\.]|%[0-9a-f]{2})+                        # A domain name or a IPv4 address
        |(?:\[(?:[0-9a-f]{0,4}:)*(?:[0-9a-f]{0,4})\])         # or a well formed IPv6 address
      (?::[0-9]+)?                                            # Server port number (optional)
        (?:[\w#!:\.\?\+=&@$'~*,;\/\(\)\[\]\-]|%[0-9a-f]{2})   # The path and query (optional)
    $/xi", $url);
  else {
    return (bool) preg_match("/^(?:[\w#!:\.\?\+=&@$'~*,;\/\(\)\[\]\-]|%[0-9a-f]{2})+$/i", $url);


kiamlaluno’s picture

URLs that contain characters with a code not included in the ASCII set are always reported to be not valid. In this case, pass the URL to drupal_urlencode() before.

mfer’s picture

The spec is specific to ascii text. PHP 5.3 (and in PECL before that) has idn_to_ascii() which can do the conversion before passing through to valid_url.

Daemon_Byte’s picture

surely rather than parsing unicode into ascii this function should be modified to accept unicode given that it is now allowed to have non ascii urls.

Gekiboy’s picture

In order for a URL to be loaded via SSL on SSL enabled pages and the standard HTTP protocol on non-SSL pages, a standard trick is to leave the protocol out of the URL. For instance, specifying a JS file to be located at "//example.com/file.js" will use the https protocol on SSL pages and the http protocol non-SSL pages. However this function claims that a URL of that format is invalid as it doesn't contain the protocol.