PHP form validation using preg_match for password checks

This is a general question on password form validation and using a combination of uppercase, lowercase, numbers and characters used.

Research has showed that preg_match is required to validate the password (or whatever variable you use): (preg_match("/^.(?=.{8,})(?=.[0-9])(?=.[a-z])(?=.[A-Z]).*$/")

Though how would how would i integrate this into the if statement below? I've tried combining them using && though this seems to ignore the preg_match part. if(($pass == $pass2) && (preg_match("/^.(?=.{8,})(?=.[0-9])(?=.[a-z])(?=.[A-Z]).*$/"))

Any advice would be appreciated.


require "dbconn.php";

$username = ($_GET['username']);
$email = ($_GET['email']);
$pass = ($_GET['pwd1']);
$pass2 = ($_GET['pwd2']);
$USN = ($_GET['schoolnumber']);

$matching = 0;

if($pass == $pass2)
echo "<script type='text/javascript'> window.alert('Your details have been successfully    registered, please proceed to login with your new credentials!')</script>";
echo '<script>javascript:window.close();</script>';

$query = "INSERT INTO customer VALUES     ('".$username."','".$email."','".$pass."','face1.jpg','".$USN."','N')";

$results = mysql_query($query) or die (mysql_error());

$results1 = mysql_query($query1) or die (mysql_error());




preg_match requires two arguments the pattern to look for and the string to test. Plus I'm not sure if the regular expression you are using would work anyway. Try something like.

$pattern = '/(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}/';
if (($pass1 == $pass2) && preg_match($pattern, $pass1)) {

You only need to match against one of the passwords because should ($pass1 == $pass2) fail then the preg_match isn't even preformed.

The regex above checks that the password is at least 8 characters long and contains at least one of each of lowercase, uppercase and a number

Need Your Help

return Image from OperationContract method (WCF service)

c# wcf image

Im trying to get an Image from WCF service

How does flurry analytics track my apps version number?

ios plist flurry

I'm viewing my top used version numbers in flurry for my app. It appears flurry is using the build number field (bundle version) in my plist to report what version a particular app is. Is this true...