RegEx (regular expressions): Secret weapon of the programmers

Regular expressions (RegEx or RegExp) are patterns that let us check strings against a given pattern and find or replace the parts that match. This is useful, for example, when validating user input. RegEx is versatile and therefore a real secret weapon!

If you want to start directly with the code, jump right there!

What is RegEx?

I have been using RegEx for many years and with a little practice it is very easy to validate user input. We will discuss this in more detail in this article, but first something about the general use of RegEx.

Many have already met RegEx – perhaps unconsciously. For example, in the text editor Sublime Text 3, but also in almost every other text editor, there is a possibility in the search function to search for exactly these expressions and to replace them if necessary.

RegEx in Sublime Text 3

It’s like looking for certain people in a crowd. We can look for all people who wear something red. But we can also look only for people who wear a red top. With RegEx we search a list of strings (a text file) for certain strings (here: red tops). For us humans this task is much more difficult than for a computer. That’s why RegEx is such a powerful tool.

Hidden object picture to explain RegEx

We will only discuss the validation of user input here. Here is a small excerpt of data that we can validate very well:

  • Phone numbers
  • E-Mail Addresses
  • Usernames
  • URLs
  • Bank details
  • Age
  • Birthdate
  • Password security
  • and many more..

And how do I do that now!?

For testing and “building” RegEx I use I think this site is great, because I can switch between live changes and match ads as well as between languages like PHP and JavaScript, which are important for me. In some languages there are minimal differences. Example

Since validation should take place on the server side, I show the validation once for PHP and once for JavaScript (Node.js). You don’t have to pay attention to the given expressions at first; we will go into the individual components afterwards.

Validation in PHP

We write the RegEx string as a normal string, but at the beginning and at the end we have to add a slash. In your code, the variable $password of course comes from the POST or GET request.

Then we call the function preg_match(). We pass the RegEx string and the password to this function. It will then check if the expression occurs in our password and display a corresponding message. Note that “occurs” is meant literally: without the characters “^” and “$” explained further below, a match anywhere inside the string is enough.

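// Pattern: 6 to 32 letters or digits. There are no ^ and $ anchors,
// so a match anywhere inside the string is enough.
$regex = "/[A-Za-z0-9]{6,32}/";
// In real code this value comes from the POST or GET request.
$password = "JOsdf35409";

// preg_match() returns 1 if the pattern matches and 0 if it does not.
if (preg_match($regex, $password)) {
    exit("password valid");
} else {
    exit("password invalid");
}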

Validation in JavaScript (Node.js)

In JavaScript it works almost identically. Here, too, we have the RegEx and our password in a variable each. But there are two small differences:

Behind our expression there is a small “g”. This is a modifier and controls how the search is carried out. In this case “g” stands for global: all occurrences are searched for instead of only the first one. Additionally, in JavaScript the function match() is called on the string to be validated. But the result is the same as in PHP.

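// Same pattern as in PHP, written as a RegEx literal with the "g" modifier.
var regex = /[A-Za-z0-9]{6,32}/g;
var password = 'JOsdf35409';

// match() returns an array of all matches, or null if there is none.
if (password.match(regex)) {
    console.log('password valid');
} else {
    console.log('password invalid');
}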

Validate password strength

A very important function is to check passwords for security. Exactly for this we create a RegEx String. You have already learned how to use it in the previous step. Don’t let it deter you, it looks worse than it is!


Limit String

The characters “^” and “$” anchor the expression to the beginning and the end of the string. Nothing may come before or after it.


As in mathematics, brackets group individual expressions. This is also the case here.

The “?=” at the beginning of the brackets may be confusing. It turns the group into a lookahead: the expression inside is only checked, it does not become part of the match. This is not necessary here. In other applications, however, we would like to “get out” a certain part of the string, for example. For this example you could leave out the two characters.

Search for characters, digits and special characters

The “.*” means anything, as often as you want. The dot stands for any character (by default every character except a line break) and the asterisk means any number of repetitions, including none. So any characters can follow here.

The “[]” brackets define sets. Here we have a set of letters, digits and special characters. “A-Z” means that all capital letters from A to Z are allowed. The same applies to “a-z” for lower case letters and “0-9” for digits.

All permitted special characters are listed here individually.

Set length

We can define the length using the expression “{3,32}”. The first parameter is the minimum length and the second the maximum length. In this case our password should be at least three, but not more than 32 characters long.

This is my version for validating the password strength. Of course there are endless possibilities. If you want the password to be at least 10 characters long, you can now change it accordingly.
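An added example, not the author's expression: one way to assemble a strength check from the parts described above (anchors, lookahead groups, character sets, length), followed by the first pattern of this article with and without anchors. The list of special characters, the default length of 10 to 32 and all function names are assumptions.

```javascript
// Added example; SPECIALS and all function names are assumptions for this sketch.
const SPECIALS = '!@#$%&*?_-'; // '-' comes last so it stays literal inside [...]

// Assemble the expression from the parts the article walks through.
function buildStrengthRegex(min, max) {
  return new RegExp(
    '^' +                    // start: nothing may come before
    '(?=.*[A-Z])' +          // lookahead: an upper-case letter somewhere
    '(?=.*[a-z])' +          // lookahead: a lower-case letter somewhere
    '(?=.*[0-9])' +          // lookahead: a digit somewhere
    `(?=.*[${SPECIALS}])` +  // lookahead: a special character somewhere
    `[A-Za-z0-9${SPECIALS}]{${min},${max}}` + // allowed set and length
    '$'                      // end: nothing may follow
  );
}

// Same rules checked one by one, so the user can be told what is missing.
function missingRequirements(password, min = 10, max = 32) {
  const rules = [
    ['length', new RegExp(`^.{${min},${max}}$`, 's')],
    ['uppercase', /[A-Z]/],
    ['lowercase', /[a-z]/],
    ['digit', /[0-9]/],
    ['special', new RegExp(`[${SPECIALS}]`)],
    ['allowed characters only', new RegExp(`^[A-Za-z0-9${SPECIALS}]*$`)],
  ];
  return rules.filter(([, re]) => !re.test(password)).map(([name]) => name);
}

function isStrong(password, min = 10, max = 32) {
  return buildStrengthRegex(min, max).test(password);
}

// The article's first pattern without and with anchors (constructed inputs).
const unanchored = /[A-Za-z0-9]{6,32}/;
const anchored = /^[A-Za-z0-9]{6,32}$/;

console.log(unanchored.test('<b>abcdef</b>'));    // true: a 6-character run occurs inside
console.log(anchored.test('<b>abcdef</b>'));      // false: the whole string must fit
console.log(isStrong('Tr0ub4dor&3x'));            // true
console.log(missingRequirements('tr0ub4dor&3x')); // [ 'uppercase' ]
```

In this added example the lookaheads are what allow the four requirements to appear in any order. In PHP's preg_match(), “$” also matches before a trailing line break, so use the “D” modifier or “\z” there if the end of the string must be strict.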


RegEx, or regular expressions are – as mentioned at the beginning – a real secret weapon! Data can be validated unbeatably fast. If you want to learn more about RegEx, I can recommend these interactive tasks to you. I also started with it once and they lead you step by step through the individual expressions.

If you have problems creating a RegEx string for your problem, you can find many results on the internet that you can use. Just ask Dr. Google. 😉

I hope I was able to make the secret weapon of the programmers palatable to you, because sooner or later you will encounter a problem which can be solved with RegEx! 🙂
