How can I harden input used with preg_match/replace regex?
I am working with a PHP script that finds
var $_plgCode = "#{comment(.*?) contentid=(.*?) option=(.*?) contenttitle=(.*?)}#i";
and then later uses this in:
preg_match_all($this->_plgCode, $_body, $matches);
and
$_body = preg_replace($this->_plgCode, $output, $_body);
The problem is that contenttitle can contain user input and hasn't been hardened at all - so lots of things will break it, like if a user enters }, for example.
What kind of escaping of user input needs to be done on the contenttitle to ensure it doesn't break the REGEX?
Use preg_quote
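Added example (not part of the original question or answer): preg_quote() protects user text that is concatenated into a pattern, while in the question the title sits in the text being scanned, so the sketch also encodes the title when the tag is written. The helper names titlePattern and buildTag, the sample title and the sample body are constructed for illustration, and rawurlencode is an assumed choice of encoding.

```php
<?php
// Pattern taken from the question; everything else here is constructed.
$plgCode = "#{comment(.*?) contentid=(.*?) option=(.*?) contenttitle=(.*?)}#i";

// Constructed user input containing regex metacharacters and the delimiter.
$title = 'C# tips (part 1) }';

// Case 1: user text goes INTO a pattern. Quote it, and pass the delimiter
// in use ('#') as the second argument so it is escaped as well.
function titlePattern(string $title): string
{
    return '#contenttitle=' . preg_quote($title, '#') . '#i';
}

// Case 2: user text goes into the SUBJECT that $plgCode scans. preg_quote()
// does not apply here; encode the value when writing the tag so it cannot
// contain '}' or a fake ' option=' / ' contenttitle=' separator.
function buildTag(int $id, string $option, string $title): string
{
    return '{comment contentid=' . $id
        . ' option=' . rawurlencode($option)
        . ' contenttitle=' . rawurlencode($title) . '}';
}

$body = 'Intro ' . buildTag(42, 'com_content', $title) . ' outro';

// A callback's return value is inserted literally, so "$1" or "\1" inside
// user-derived output is not expanded as a backreference by preg_replace.
$result = preg_replace_callback($plgCode, function (array $m): string {
    $decoded = rawurldecode($m[4]); // original title, '}' included
    return '[comments for: ' . htmlspecialchars($decoded, ENT_QUOTES, 'UTF-8') . ']';
}, $body);

// The quoted title matches itself literally instead of being parsed as regex.
var_dump(preg_match(titlePattern($title), 'contenttitle=' . $title));
echo $result, PHP_EOL;
```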