Modify Regex To Disallow Spaces
-
I am using this regex to verify a password contains at least one letter, one number, min 7 chars in PHP, how do I modify to dissallow any spaces?:
/(?=.*\d)(?=.*[a-zA-Z]).{7,}$/
Thanks
-
I am using this regex to verify a password contains at least one letter, one number, min 7 chars in PHP, how do I modify to dissallow any spaces?:
/(?=.*\d)(?=.*[a-zA-Z]).{7,}$/
Thanks
Why? I can just about understand enforcing "complexity requirements" to prevent users from using stupidly simple passwords that would be guessed in seconds. Although checking whether the password has been exposed in any data breaches[^] might be a better option. But why block the user from using an entire class of characters in their password? That would suggest that either a) the password isn't being stored securely[^], or b) the password storage code is trying to avoid some sort of injection vulnerability by restricting the input rather than fixing the vulnerability.
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
I am using this regex to verify a password contains at least one letter, one number, min 7 chars in PHP, how do I modify to dissallow any spaces?:
/(?=.*\d)(?=.*[a-zA-Z]).{7,}$/
Thanks
I realise I've come to this post a long time after the request, but thought I'd still provide an actual way forward, possibly even the solution if one is still required. Or maybe it will serve some useful purpose for another poster with a similar need. If you understand the regex you have provided you will understand the first 2 sections are only a lookahead to identify the requirements are met, they don't actually consume any characters. The .{7,}$ is the part which grabs the password and at the moment it will grab any character (denoted by the DOT character). So it's here where you could do the final verification. What needs to happen is that the DOT changes to the "allowed" characters which exclude the space (and/or any other characters). I don't do PHP regex but I would think replacing the DOT with something like \S or [^ ] or even [[:^space:]] would be appropriate. By removing a character from the allowed group, if the removed character is encountered the regex will fail. So no password is selected. It could even be done with another lookahead and I think that could be (?=\S{7,}). If using the lookahead, then no need to change the DOT character for my other options. Some background info: \S is any character except whitespace which includes [ \t\r\n\v\f]. This is a capital S, which is the negated \s, so opposite of what \s means in PHP regex (whitespace). [[:^space:]] is a negated PHP class, the ^ denotes NOT what follows. Terry