Regular expression to remove from string

I have searched but I can’t find a simple method to remove links of the form or etc from a string. I have found regular expressions that remove urls that start with http:// but not straightforward www ones. Any suggestions?

This is the code I have got to remove urls from a string called $data:

$data = preg_replace(‘/\b(https?|ftp|file):\/\/[-A-Z0-9+&@#\/%?=~|$!:,.;]*[A-Z0-9+&@#\/%=~|$]/i’, ‘’, $data);

This simply deletes any links, so it will remove for example [COLOR=“#FF0000”][/COLOR] but not

Thanks for any suggestions.

Would it be acceptable to simply disable the link by stripping dots and slashes?

Thanks for the reply. I need to remove any link in its entirety. There will also be HTML in the string so I can’t simply remove any HTML. I don’t want to leave a link that is human readable either.

I haven’t had a chance to fully test this one yet (I will later), but this is my quick attempt before my morning coffee.

$data = preg_replace('/\\b((https?|ftp|file):\\/\\/|www\\.)[-A-Z0-9+&@#\\/%?=~_|$!:,.;]*[A-Z0-9+&@#\\/%=~_|$]/i', '', $data); 

Do you actually want to remove all <a href=“”></a> tags from the string?

Thanks for that. That gets rid of pretty much any link, the only exception being if someone types in for example. Would it be easy to catch anything with a .com or etc on the end as well?

No. I just want to get rid of any actual websites, human or machine readable. What I want to avoid is someone adding a link or saying something like “check out this great website”. I don’t mind if the <a> tags are still there afterwards.

Not really possible. Humans can parse out www dot example dot com quite easily after all. You’ll never come up with an expression that stops all possible ways of including a link reference in a message. You can strip anchor tags and perhaps any string ending in .com, but a persistent spammer will find a way to include the link.

You could always use [fphp]strip_tags[/fphp], giving it a list of tags you want to allow

You could try this

$data = preg_replace('/\\b((https?|ftp|file):\\/\\/|www\\.)?[-A-Z0-9+&@#\\/%?=~_|$!:,.;]*[A-Z0-9+&@#\\/%=~_|$]/i', '', $data);

Yeah, that was the solution I was angling towards - seems to offer a greater degree of protection too.

I wonder how effective a security solution that really is?

Not very, as you can place onmouseover tags on anything and pretty much get XSS attacks to varying degrees. Which is why it is very important to NOT allow your users to write HTML that will be displayed directly and to instead force the use of shortcodes (such as WP) or bbcodes (for forums). At least you can then use strip tags and have full control of the output of the shortcodes and bbcodes.

Thanks for that. What is is supposed to do differently to the code above?

Agreed. These are all users who have registered and have had their identities verified in some way. I just want to make it impossible to add a working link and harder to add a human readable link, which the code does do quite well.

Outside of spammers, why is link sharing among users a problem for your site?

It should remove or, whereas the original didn’t.

Because the pages are open to visitors as well as the users and I don’t want visitors to the site distracted by endless links to other sites. If someone wants to advertise something there are paid options.

Well, your site, your rules. I don’t know enough about the place to know what will and won’t work in your specific case, but in general the more you try to control what users can post the more likely they will simply choose to post elsewhere. It’s one thing to disallow link tags, but disallowing mentions of other domains is the sort of thing that would send me to your competitor pretty much immediately.

I understand the point you are making but that’s not a problem. Their information should be on their page, not on another page that they want to link to - there is no legitimate reason to want to add a link and I doubt if anyone will complain. In fact if I automatically remove links, they are less likely to be annoyed than if I manually removed them later. Rules is rules!