What is the best regex for validating an email address?

For most cases use a simple safe pattern: /^[^@\s]+@[^@\s]+\.[^@\s]+$/ — it covers 99% of real-world emails and prevents header injection. For strict RFC 5322 compliance, see the "Strict Email Validation RFC 5322" pattern at https://regexlib.dev/regex/email-strict.

How do I write a strong password regex with at least 12 characters and a special character?

Use positive lookaheads: ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[!@#$%^&*]).{12,}$ — enforces lowercase, uppercase, digit, special character, and a 12-char minimum. See https://regexlib.dev/regex/password-very-strong.

What is the regex for ISO 8601 datetime with timezone?

^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:\.\d{1,9})?(?:Z|[+-]\d{2}:\d{2})$ — accepts UTC (Z) or ±HH:MM offsets, with optional fractional seconds. Full reference at https://regexlib.dev/regex/iso-date-with-timezone.

How do I match a UUID v4 with regex?

^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$ — the "4" before the third hyphen and the [89ab] before the fourth ensure version 4 and a valid variant. See https://regexlib.dev/regex/uuid-v4.

How can I detect leaked Stripe, AWS, or OpenAI API keys in code?

Use prefix-anchored patterns: Stripe sk_(live|test)_[A-Za-z0-9]{24,}, AWS AKIA[0-9A-Z]{16}, OpenAI sk-[A-Za-z0-9]{20,}T3BlbkFJ[A-Za-z0-9]{20,}, Google AIza[0-9A-Za-z_-]{35}. Combine in a single pre-commit hook to catch leaks.

Does regex validate that a date is real (e.g., not February 31)?

No. Regex checks the format only. Pair the regex with new Date(value) in JavaScript or datetime.fromisoformat() in Python to verify the calendar correctness.

What is the simplest regex for an IPv4 address with octet validation?

^(?:(?:25[0-5]|2[0-4]\d|[01]?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|[01]?\d?\d)$ — enforces each octet between 0 and 255. See https://regexlib.dev/regex/ipv4.

How do I extract all URLs from a text with regex?

Use the global flag with: /https?:\/\/[^\s<>"']+/g — call text.match(re) to get every match. See https://regexlib.dev/regex/url-extract.

Why does my regex work in JavaScript but not in Python or Java?

Different engines have different syntax. JavaScript uses ECMAScript regex, Python uses re (PCRE-like, no recursion), Java uses java.util.regex (no \K), and Go uses RE2 (no lookarounds). Use the per-language code snippets on each pattern page — they escape the pattern correctly for each language.

Is RegexLib free? Do I need to sign up?

Yes, regexlib.dev is 100% free, no signup, no ads, and no rate limits. You can copy any pattern, test it live, and use the snippets in your project without attribution.

What is the regex for sql injection detection?

The regex pattern for sql injection detection is: ('|(\-\-)|(;)|(\|\|)|(\*)|( )|(\^)|(\[)|(\])|(\{)|(\})|(%)|(\$)|(\bOR\b)|(\bAND\b)) — Detects suspicious SQL injection patterns. It matches inputs like ' OR '1'='1, admin'--, 1; DROP TABLE users and rejects inputs like normal text, user123.

How do I use the SQL Injection Detection regex in Python?

Import re and use re.fullmatch(r"('|(\-\-)|(;)|(\|\|)|(\*)|( )|(\^)|(\[)|(\])|(\{)|(\})|(%)|(\$)|(\bOR\b)|(\bAND\b))", value) for whole-string validation, or re.findall(r"('|(\-\-)|(;)|(\|\|)|(\*)|( )|(\^)|(\[)|(\])|(\{)|(\})|(%)|(\$)|(\bOR\b)|(\bAND\b))", text) to extract matches. Compile with re.compile() for repeated use.

Is the sql injection detection regex production-ready?

Yes — every pattern is tested against valid and invalid examples. For critical inputs, pair it with server-side validation: Luhn algorithm for credit cards, mod-97 for IBAN, real DNS / MX lookup for emails, libphonenumber for phone numbers.

Why does the sql injection detection regex fail in Python, Java, or Go?

Different regex engines (ECMAScript, PCRE, java.util.regex, Python re, Go RE2) support slightly different syntax — RE2 has no lookarounds or backreferences. Use the per-language code snippets above; they escape the pattern correctly for each language.

Can I edit and test the sql injection detection regex live?

Yes — use the live tester on this page. Type your test string and toggle flags (g, i, m, s, u, y) to see matches and capture groups highlighted instantly. The URL is shareable.

Securitypopular

SQL Injection Detection Regex Pattern

Detects suspicious SQL injection patterns.

Pattern

('|(\-\-)|(;)|(\|\|)|(\*)|(<)|(>)|(\^)|(\[)|(\])|(\{)|(\})|(%)|(\$)|(\bOR\b)|(\bAND\b))

Tested examples

' OR '1'='1

admin'--

1; DROP TABLE users

normal text

user123

Test it live

Live Regex TesterJS

8 matches

Pattern

Test string

Result

' OR '1'='1
admin'--
1; DROP TABLE users

Match 1at index 0

'

$1: '$2: ∅$3: ∅$4: ∅$5: ∅$6: ∅$7: ∅$8: ∅$9: ∅$10: ∅$11: ∅$12: ∅$13: ∅$14: ∅$15: ∅$16: ∅

Match 2at index 2

OR

$1: OR$2: ∅$3: ∅$4: ∅$5: ∅$6: ∅$7: ∅$8: ∅$9: ∅$10: ∅$11: ∅$12: ∅$13: ∅$14: ∅$15: OR$16: ∅

Match 3at index 5

'

$1: '$2: ∅$3: ∅$4: ∅$5: ∅$6: ∅$7: ∅$8: ∅$9: ∅$10: ∅$11: ∅$12: ∅$13: ∅$14: ∅$15: ∅$16: ∅

Match 4at index 7

'

$1: '$2: ∅$3: ∅$4: ∅$5: ∅$6: ∅$7: ∅$8: ∅$9: ∅$10: ∅$11: ∅$12: ∅$13: ∅$14: ∅$15: ∅$16: ∅

Match 5at index 9

'

$1: '$2: ∅$3: ∅$4: ∅$5: ∅$6: ∅$7: ∅$8: ∅$9: ∅$10: ∅$11: ∅$12: ∅$13: ∅$14: ∅$15: ∅$16: ∅

Match 6at index 17

'

$1: '$2: ∅$3: ∅$4: ∅$5: ∅$6: ∅$7: ∅$8: ∅$9: ∅$10: ∅$11: ∅$12: ∅$13: ∅$14: ∅$15: ∅$16: ∅

Match 7at index 18

--

$1: --$2: --$3: ∅$4: ∅$5: ∅$6: ∅$7: ∅$8: ∅$9: ∅$10: ∅$11: ∅$12: ∅$13: ∅$14: ∅$15: ∅$16: ∅

Match 8at index 22

;

$1: ;$2: ∅$3: ;$4: ∅$5: ∅$6: ∅$7: ∅$8: ∅$9: ∅$10: ∅$11: ∅$12: ∅$13: ∅$14: ∅$15: ∅$16: ∅

Use it in your language

Use it in

// JavaScript / Node.js
const regex = /('|(\-\-)|(;)|(\|\|)|(\*)|(<)|(>)|(\^)|(\[)|(\])|(\{)|(\})|(%)|(\$)|(\bOR\b)|(\bAND\b))/;
const value = "' OR '1'='1";
const isMatch = regex.test(value);
console.log(isMatch); // true / false

// Extract all matches
const matches = value.match(/('|(\-\-)|(;)|(\|\|)|(\*)|(<)|(>)|(\^)|(\[)|(\])|(\{)|(\})|(%)|(\$)|(\bOR\b)|(\bAND\b))/g) || [];

Frequently asked questions

How do I use the SQL Injection Detection regex pattern in JavaScript?

Wrap the pattern in slashes: const re = /('|(\-\-)|(;)|(\|\|)|(\*)|(<)|(>)|(\^)|(\[)|(\])|(\{)|(\})|(%)|(\$)|(\bOR\b)|(\bAND\b))/; — then call re.test(value) to check a single value, or value.match(re) to find matches. The "Use it in" snippets above give you the exact code for 9 languages.

Is this sql injection detection regex production-ready?

Yes — every pattern in the library is tested against valid and invalid examples. Still, regex is one layer in a defense-in-depth strategy: pair it with server-side validation (e.g. Luhn for credit cards, mod-97 for IBAN, real DNS lookup for emails) for critical inputs.

Why does my pattern fail in another language?

Different regex engines (PCRE, Java, Python, Go's RE2) support slightly different syntax. The most common gotchas: lookbehinds (not in RE2), named groups syntax, and how backslashes need to be escaped inside string literals. The code snippets above already escape correctly for each language.

Can I edit this pattern and test it live?

Yes — use the live tester above. Type your test string and toggle flags (g, i, m, s, u, y) to see matches highlighted instantly, including capture groups.

Related patterns

See all Security →

Security

All patterns Open regex tester Regex cheatsheet

SQL Injection Detection Regex Pattern

Tested examples

Test it live

Use it in your language

Tags

Frequently asked questions

Related patterns

Strong Password

JWT Token

Ultra-Secure Password

Basic XSS Detection

TOTP / OTP Code

AWS Access Key ID