Validating IP addresses is an essential part of security and data validation in network-based applications. In PHP, there are multiple ways to verify if a string is a valid IP address. This blog post will discuss various methods, including built-in functions, regular expressions, and modern validation libraries, providing you with multiple solutions to handle IP address validation effectively.

Using filter_var Function

This method uses the built-in filter_var function in PHP, which is designed for data validation and sanitization.

Determine if you need to check for IPv4, IPv6, or both.

Use the filter_var function with appropriate filter arguments.
Check the return value for validation.

Example:

$ip_address = '127.0.0.1';
if (filter_var($ip_address, FILTER_VALIDATE_IP)) {
    echo 'Valid IP address';
} else {
    echo 'Invalid IP address';
}

Note: This method is straightforward, and it is widely recommended for its simplicity and reliability. Still, it doesn’t distinguish between public and private IP ranges.

Regular Expression Check

Regular expressions offer a highly customizable way to validate IP addresses.

Create a regular expression pattern for the IP format.

Use PHP’s preg_match to test the string against the pattern.
Analyze the result to see if the string is a valid IP address.

ExanokeL

$ip_address = '127.0.0.1';
$ipv4_pattern = '/^([0-9]{1,3}\.){3}[0-9]{1,3}$/';
if (preg_match($ipv4_pattern, $ip_address)) {
    echo 'Valid IP address';
} else {
    echo 'Invalid IP address';
}

Note: Patterns must be designed accurately, or they may produce false negatives or positives. They also don’t inherently support range checking, which might be a limitation in some use cases.

Using ip2long Function

The ip2long PHP function converts a string into an IPv4 Internet network address. If the function fails to convert the address, it returns false.

Attempt to convert the IP string with ip2long.

The result will either be a long integer or false.
If you get an integer, reverse the operation with long2ip and see if it matches the original IP.

Example:

$ip_address = '127.0.0.1';
if (long2ip(ip2long($ip_address)) === $ip_address) {
    echo 'Valid IP address';
} else {
    echo 'Invalid IP address';
}

Note: This approach is more restrictive as it only works for IPv4 addresses. Be cautious with leading zeroes, as ip2long may interpret them as octal numbers.

IPv6 Validation with inet_pton

For a robust IPv6 validation, the inet_pton function can parse both IPv4 and IPv6 addresses.

Call inet_pton with the IP address.

If it returns false, the IP address is not valid.

Example:

$ip_address = '::1';
if (inet_pton($ip_address)) {
    echo 'Valid IP address';
} else {
    echo 'Invalid IP address';
}

Note: While effective for both IPv4 and IPv6 address validation, this function is binary safe. Thus in certain environments, it could behave unexpectedly with non-standard inputs.

Conclusion

In PHP, IP address validation can be achieved through various methods, depending on the level of specificity and control required. Each method has its own advantages and use cases. For most applications, filter_var stands out for its simplicity and built-in nature. Regular expressions, while more complex, offer precise pattern matching, and ip2long or inet_pton offer additional functionality for specific IP versions. Choosing the right approach depends on the context of your validation needs and your application’s design considerations.

Next Article: How to format a float number to 2 decimal places in PHP

Previous Article: PHP: How to Extract Domain, Protocol, and Path from URL

Series: Working with Numbers and Strings in PHP

PHP