Tags: php, security, phishing

Is it safe to accept a URL from a user to show on our website?


I want to show users' websites in their profiles, but I don't know, after I validate the user's input format to be a valid URL (https://userwebsite.com), whether it is safe to use that input in a tag (<a href="https://userwebsite.com">) to redirect other users to that website. If it's not safe, is there any way to check the URL?

How do Facebook and others handle this situation, like the example below?

https://www.facebook.com/pages/Restaurant-El-Reda-libanesische-und-iranische-Spezialit%C3%A4ten/169985763015422


Solution

  • This is a great question. There are many sites that provide the ability for users to enter URLs that are then provided as links. This has been the bread and butter of forums for a long time.

    The challenge is that we want to make sure that the URL is valid and doesn't encourage people to visit malicious sites. For the first part (is the URL valid) there are plenty of libraries out there that can check the URL, for example, urlparse for Python. (Sorry, I don't know PHP well enough to provide the equivalent example.)

    The second part is a little more interesting and depends on your circumstances. If you are running a non-commercial site then Google Safe Browsing offers an API which I believe will allow you to filter out malicious links. If you are running a commercial site then there are alternatives, for example, SophosLabs Intelix.

    In summary, I believe that it is safe to do what you are asking as long as:

    1. You validate that the URL is valid
    2. You put reasonable checks in place to prevent users posting links to malicious content
    3. You provide appropriate disclaimers to cover you against the content on external sites
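A concrete version of checks 1 and 2 plus the safe rendering of the link, written as an added example (not the answerer's code) in Python since the answer points at urlparse; the KNOWN_BAD_HOSTS set is a constructed stand-in for a reputation lookup such as Google Safe Browsing, and all names here are assumptions.

```python
from html import escape
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed stand-in for a reputation service (e.g. Google Safe Browsing);
# a real deployment would query that service instead of a local set.
KNOWN_BAD_HOSTS = {"malware.example"}


def validate_profile_url(raw: str) -> Optional[str]:
    """Return a canonical URL if `raw` is acceptable for a profile link, else None.

    Rejects non-http(s) schemes (javascript:, data:, vbscript:), URLs without a
    hostname, embedded credentials, control characters, unparsable ports, and
    hosts on the denylist.
    """
    if not isinstance(raw, str) or len(raw) > 2048:
        return None
    raw = raw.strip()
    # NUL, newlines and other control characters can smuggle attributes into
    # the rendered tag or confuse downstream parsers; reject, don't strip.
    if any(ord(c) < 0x20 or c == "\x7f" for c in raw):
        return None
    parts = urlsplit(raw)  # scheme is lowercased by urlsplit
    if parts.scheme not in ALLOWED_SCHEMES:
        return None
    host = parts.hostname  # lowercased by urlsplit
    if not host or parts.username is not None or parts.password is not None:
        return None
    try:
        port = parts.port  # raises ValueError for "host:abc" or out-of-range ports
    except ValueError:
        return None
    if host in KNOWN_BAD_HOSTS:
        return None
    netloc = host if port is None else f"{host}:{port}"
    return urlunsplit((parts.scheme, netloc, parts.path or "/", parts.query, parts.fragment))


def render_link(url: str, label: str) -> str:
    """HTML for an outbound link: attribute escaping blocks injection, and
    rel="nofollow noopener noreferrer" limits SEO abuse and window.opener access."""
    return (f'<a href="{escape(url, quote=True)}" rel="nofollow noopener noreferrer">'
            f'{escape(label)}</a>')
```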