Validate localhost: make sure localhost only


In a form, I would like to make sure that only a “localhost” url is allowed. So what should I look for? and http://localhost? Is that all? I’ve seen numbers after “localhost” sometimes ("localhost:****) so I’m not so sure if I have to check for those or not.


127 addresses may end higher than 1, i.e.,, any address is a localhost IP. And IPv6 has something like ::1 for localhost.

Is there a regexp to validate localhost? Should I simply allow everything that doesn’t end with a “.soemthing” as it seems that you can map any name to your local machine?

Can I ask…what the purpose of this is?

yeah i don’t see the point in this… but

you should mess with the $_SERVER enviroment

@logic_earth and @Shaydez,

I test for localhost and define a LOCALHOST constant that is used to test environments.

A single file can then be safely used to upload all files and prevent that “Oh sh!t” moment :slight_smile:

   ? NULL
   : define('LOCALHOST', in_array($_SERVER['SERVER_NAME'], array('localhost', '') ));
  $advert = '_google_250x250';
  echo "<div class='" .$advert ."'>";
    if( LOCALHOST )  { include PATH_ADVERT .$advert .'.js';} else {echo $advert; }
  echo '</div>';

So you leave all that localhost stuff in the production code? My solution is better…I run the code as it will run on the production server, under a proper domain, and server configuration (not in a sub-directory).

I am always keen to learn new techniques and would be grateful if you could explain your system.

I test for LOCALHOST and use it for MySql connect strings, passwords, do not display Google Ads locally, etc

With Apache I use VirtualHost to create multiple distinct web sites. IIS is the same but uses different configuration methodologies. Combined with using “hosts” to create domain names. (An actual DNS server can also be used.)

I also use Apache VirtualHosts and a single common constants.php file that is used to set the specific environment strings.

It appears that your system is similar to mine.