0

I'm having trouble understanding the logic in the regular expression inside the preg_replace function. Specifically, I'm having trouble understanding the use of the caret inside the brackets. If I type a single letter/number that matches any letter/number in the username column, I'll get a match for that row. When I remove the caret, even when I don't search for anything, everything in my db matches. Can someone please elaborate on what's going on here? Thanks.

$searchq = $_POST['search'];
$searchq = preg_replace("/[^0-9a-z]/i","",$searchq );

$query = mysqli_query($conn, "SELECT * FROM people ".
"WHERE username LIKE '%$searchq%'") or die('Could not search.');
butterface

2 Answers

3

[^0-9a-z] is a character class ([]). ^ in a character class is negation, aka "not", so literally it's saying "match anything that is NOT a digit or an alphabetical character".

Marc B
2

In basically every regex flavour, the square brackets [] denote a character class, which will match one instance of any character in it. A character class starting with a caret ^ is negated - i.e. it will match a single instance of any character that is not in it.

In this case, your character class will match any character that isn't a number or lowercase letter. Because your regex is in ignore-case mode (the i modifier), it'll match any character that isn't a number or ASCII letter (either upper or lowercase), and the preg_replace will strip it out by replacing it with the empty string ("").

Sebastian Lenartowicz
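
The behaviour both answers describe, as an added example that is not code from the original posts: it runs the pattern with and without the caret on constructed inputs, shows why the version without the caret ends up as LIKE '%%', and runs the search with a bound parameter. An in-memory SQLite database via PDO stands in for the MySQL people table, and keepAlnum, stripAlnum and search are hypothetical helper names.

```php
<?php
// Constructed sample data; SQLite in memory stands in for the MySQL table (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE people (username TEXT)");
$db->exec("INSERT INTO people VALUES ('alice'), ('bob42'), ('carol')");

// Negated class: delete every character that is NOT 0-9 or a-z (any case).
function keepAlnum(string $s): string {
    return preg_replace('/[^0-9a-z]/i', '', $s);
}

// Caret removed: delete every character that IS 0-9 or a-z.
function stripAlnum(string $s): string {
    return preg_replace('/[0-9a-z]/i', '', $s);
}

// Search with a bound parameter; an empty term returns no rows instead of all rows.
function search(PDO $db, string $term): array {
    $term = keepAlnum($term);
    if ($term === '') {
        return [];
    }
    $stmt = $db->prepare("SELECT username FROM people WHERE username LIKE ?");
    $stmt->execute(['%' . $term . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: plain text, text with quote and LIKE wildcards, empty string.
foreach (["bob", "b'o%b_", ""] as $input) {
    printf("input=%-10s keepAlnum=%-6s stripAlnum=%s\n",
        var_export($input, true),
        var_export(keepAlnum($input), true),
        var_export(stripAlnum($input), true));
}

// Without the caret every letter and digit is stripped, so "bob" becomes ''
// and the LIKE pattern is built from an empty search term.
$pattern = '%' . stripAlnum('bob') . '%';
$stmt = $db->prepare("SELECT username FROM people WHERE username LIKE ?");
$stmt->execute([$pattern]);
echo "pattern $pattern matches: ", implode(', ', $stmt->fetchAll(PDO::FETCH_COLUMN)), "\n";

echo "search('bob'): ", implode(', ', search($db, 'bob')), "\n";
echo "search(''): ", count(search($db, '')), " rows\n";
```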