Preg_match alphanumeric -_' ", and white space

Anyone have a regex to allow alphanumerics and -_",' as well as white spaces?


Try this one:

/^[A-Za-z0-9-_",'\s]+$/


I have read quite a lot on the \s flag within regex. I see it handed out like candy all over Stack Overflow; however, it would appear that the \s flag matches on all metacharacters and also skips line breaks.

This will allow ignoring filtered user input for all kinds of characters you do not want in your software, website or database.

The \s flag also skips new line breaks, leaving filtered code vulnerable to inclusion, so use this method at your own risk; otherwise, happy hacking lol...

You may consider something like this: /[^\p{Xan}]++$/D

  • \p{Xan} matches all Unicode alphabet letters and numbers, if this doesn't allow all alphabet white space then I am unsure how to safely match these for a filter.

  • ++ makes use of the possessive quantifier that can help optimize the match

  • $/D causes the regex to terminate at the end of the string and not skip over any characters before a line break

\s flag:

Ref: http://php.net/manual/en/reference.pcre.pattern.modifiers.php

s (PCRE_DOTALL) If this modifier is set, a dot metacharacter in the pattern matches all characters, including newlines. Without it, newlines are excluded. This modifier is equivalent to Perl's /s modifier. A negative class such as [^a] always matches a newline character, independent of the setting of this modifier.

Metacharacters:

Ref: http://en.wikipedia.org/wiki/Metacharacter

A metacharacter is a character that has a special meaning (instead of a literal meaning) to a computer program, such as a shell interpreter or a regular expression engine.

In regular expressions, there are 11 metacharacters that must always be preceded by a backslash, \, to be used inside of the expression:

The opening square bracket [, the backslash \, the caret ^, the dollar sign $, the period or dot ., the vertical bar or pipe symbol |, the question mark ?, the asterisk or star *, the plus sign +, the opening round bracket ( and the closing round bracket ).[1]

If you want to use any of these characters as a literal in a regex, you need to escape them with a backslash. If you want to match 1+1=2, the correct regex is 1\+1=2. Otherwise, the plus sign will have a special meaning.
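
Added example (not part of either answer above): a PHP script that runs the first answer's pattern and three stricter variants over constructed inputs, to show which whitespace `\s` admits inside a character class and how `$` behaves with and without the `D` modifier. The variant patterns, labels and sample strings are assumptions made for illustration.

```php
<?php
// Constructed sample inputs; none of these come from the original page.
$samples = [
    'plain'            => "O'Brien said \"ok\" - fine_1",
    'trailing newline' => "value\n",
    'embedded newline' => "line one\nline two",
    'tab'              => "a\tb",
    'angle bracket'    => "<b>",
];

$patterns = [
    // Pattern from the first answer. Inside a class, \s covers \n, \r, \t,
    // \f and \v as well as the space character.
    'answer 1'        => '/^[A-Za-z0-9-_",\'\s]+$/',
    // Space character only, but a plain $ may still match just before
    // one final "\n" in the subject.
    'space, plain $'  => '/^[A-Za-z0-9_",\' -]+$/',
    // Same class; D (PCRE_DOLLAR_ENDONLY) pins $ to the very end of the subject.
    'space, $ with D' => '/^[A-Za-z0-9_",\' -]+$/D',
    // \p{Xan} (any Unicode letter or number) in place of the ASCII ranges,
    // with the possessive ++ and the u modifier so the subject is read as UTF-8.
    'Xan, D and u'    => '/^[\p{Xan}_",\' -]++$/Du',
];

foreach ($samples as $label => $input) {
    // json_encode makes control characters in the input visible.
    echo str_pad($label, 18), json_encode($input), "\n";
    foreach ($patterns as $name => $re) {
        $ok = preg_match($re, $input) === 1;
        echo '    ', str_pad($name, 18), $ok ? 'accept' : 'reject', "\n";
    }
}
```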
