I have simple question. User supplies URL to my PHP script where I fetch

Question

0

Asked: June 1, 20262026-06-01T14:36:06+00:00 2026-06-01T14:36:06+00:00

I have simple question. User supplies URL to my PHP script where I fetch

0

I have simple question. User supplies URL to my PHP script where I fetch the page from the URL and parse it and show some snippet to user. Now I want to sanitize or better escape the URL so it is safe for me to fetch it by using file_get_contents().

My simplified code looks like this:

$url = $_POST['url'];
$html = file_get_contents($url);

First thing what came to my mind is to use regex for catching evil URL, but I don’t think it is efficient and better would be escape the whole URL. But what PHP function can I use for escaping URL for use in file_get_contents() function ?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-01T14:36:07+00:00

Editorial Team

2026-06-01T14:36:07+00:00Added an answer on June 1, 2026 at 2:36 pm

You could simply require the url to start with http:// or https://.

Luckily PHP is smart enough not to follow redirects to a file:// url.
However, it does follow redirects to ftp:// urls, so you better make sure your server cannot access any internal ftp servers without authentication.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have simple question. User supplies URL to my PHP script where I fetch

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply