Viewed   62 times

Is there a good way of test if a string is a regex or normal string in PHP?

Ideally I want to write a function to run a string through, that returns true or false.

I had a look at preg_last_error():

<?php
preg_match('/[a-z]/', 'test');
var_dump(preg_last_error());
preg_match('invalid regex', 'test');
var_dump(preg_last_error());
?>

Where obviously first one is not an error, and second one is. But preg_last_error() returns int 0 both times.

Any ideas?

 Answers

1

The only easy way to test if a regex is valid in PHP is to use it and check if a warning is thrown.

ini_set('track_errors', 'on');
$php_errormsg = '';
@preg_match('/[blah/', '');
if($php_errormsg) echo 'regex is invalid';

However, using arbitrary user input as a regex is a bad idea. There were security holes (buffer overflow => remote code execution) in the PCRE engine before and it might be possible to create specially crafted long regexes which require lots of cpu/memory to compile/execute.

Tuesday, December 20, 2022
 
3

Why not have something like:

$reg = "/^(s*?)selects*?.*?s*?from([s]|[^;]|(['"].*;.*['"]))*?;s*?$/i";

works for the SQL select query examples: http://www.phpliveregex.com/p/6nP.

It also checks that the only SQL query being run is the select query, therefore it should only validate them. It does this by making sure that there is only one ; unless that ; is within a string, so the below will validate.

select * from users where id=1 AND name= 'Pra;bhu';

But this will not.

select * from users where id=1 AND name= 'Prabhu'; drop table;

And the regular expression which doesn't check for ; within a string and will fail if it is in it:

$reg = "/^(s*?)selects*?.*?s*?from([s]|[^;])*?;s*?$/i"
Wednesday, September 28, 2022
 
3

If a simple pattern would be sufficient depends on how your input could look like.

$re = '~Q$data['infos'][]E.*?);~s';
  • Q...E is used to match literally (also could escape the brackets/dollar).
  • .*? in single line mode (s flag) matches lazily any amount of any character.

See demo at regex101 or php demo at eval.in

Sunday, October 30, 2022
1

In Java Regex, there's a difference between Matcher.find() (find a match anywhere in the String) and Matcher.matches() (match the entire String).

String only has a matches() method (implemented equivalent to this code:Pattern.compile(pattern).matcher(this).matches();), so you need to create a pattern that matches the full String:

System.out.println("I end with a number 4".matches("^.*\d$"));
Monday, November 14, 2022
 
4

That would be testing your input against:

.[a-z]{2}-[A-Z]{2}$

This is really very literal: "match a dot (., the dot being a special character in regexes), followed by exactly two of any characters from a to z ([a-z]{2} -- [...] is a character class), followed by a dash (-), followed by two of any characters from A to Z ([A-Z]{2}), followed by the end of input ($).

http://www.dotnetperls.com/regex-match <-- how to apply this regex in C# against an input. It means the code would look like (UNTESTED):

// Post edit: this will really return a boolean
if (Regex.Match(input, @".[a-z]{2}-[A-Z]{2}$").Success) {
    // there is a match
}

http://regex.info <-- buy that and read it, it is the BEST resource for regular expressions in the universe

http://regular-expressions.info <-- the second best resource

Friday, September 9, 2022
 
Only authorized users can answer the search term. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :