How to check if a string is base64 valid in PHP

Question

I have a string and want to test using PHP if it\'s a valid base64 encoded or not.

Answer 1

This is a really old question, but I found the following approach to be practically bullet proof. It also takes into account those weird strings with invalid characters that would cause an exception when validating.

    public static function isBase64Encoded($str) 
{
    try
    {
        $decoded = base64_decode($str, true);

        if ( base64_encode($decoded) === $str ) {
            return true;
        }
        else {
            return false;
        }
    }
    catch(Exception $e)
    {
        // If exception is caught, then it is not a base64 encoded string
        return false;
    }

}

I got the idea from this page and adapted it to PHP.

Answer 2

Old topic, but I've found this function and It's working:

function checkBase64Encoded($encodedString) {
$length = strlen($encodedString);

// Check every character.
for ($i = 0; $i < $length; ++$i) {
$c = $encodedString[$i];
if (
($c < '0' || $c > '9')
&& ($c < 'a' || $c > 'z')
&& ($c < 'A' || $c > 'Z')
&& ($c != '+')
&& ($c != '/')
&& ($c != '=')
) {
// Bad character found.
return false;
}
}
// Only good characters found.
return true;
}

Answer 3

I am using this approach. It expects the last 2 characters to be ==

substr($buff, -2, 1) == '=' && substr($buff, -1, 1) == '=')

Update: I ended up doing another check if the one above fails base64_decode($buff, true)

Answer 4

I realise that this is an old topic, but using the strict parameter isn't necessarily going to help.

Running base64_decode on a string such as "I am not base 64 encoded" will not return false.

If however you try decoding the string with strict and re-encode it with base64_encode, you can compare the result with the original data to determine if it's a valid bas64 encoded value:

if ( base64_encode(base64_decode($data, true)) === $data){
    echo '$data is valid';
} else {
    echo '$data is NOT valid';
}

Answer 5

i know that i resort a very old question, and i tried all of the methods proposed; i finally end up with this regex that cover almost all of my cases:

$decoded = base64_decode($string, true);
if (0 < preg_match('/((?![[:graph:]])(?!\s)(?!\p{L}))./', $decoded, $matched)) return false;

basically i check for every character that is not printable (:graph:) is not a space or tab (\s) and is not a unicode letter (all accent ex: èéùìà etc.)

i still get false positive with this chars: £§° but i never use them in a string and for me is perfectly fine to invalidate them. I aggregate this check with the function proposed by @merlucin

so the result:

function is_base64($s)
{
  // Check if there are valid base64 characters
  if (!preg_match('/^[a-zA-Z0-9\/\r\n+]*={0,2}$/', $s)) return false;

  // Decode the string in strict mode and check the results
  $decoded = base64_decode($s, true);
  if(false === $decoded) return false;

  // if string returned contains not printable chars
  if (0 < preg_match('/((?![[:graph:]])(?!\s)(?!\p{L}))./', $decoded, $matched)) return false;

  // Encode the string again
  if(base64_encode($decoded) != $s) return false;

  return true;
}

Answer 6

I write this method is working perfectly on my projects. When you pass the base64 Image to this method, If it valid return true else return false. Let's try and let me know any wrong. I will edit and learn in the feature.

/**
 * @param $str
 * @return bool
 */
private function isValid64base($str){
    if (base64_decode($str, true) !== false){
        return true;
    } else {
        return false;
    }
}