Am 01.10.2025 um 11:01 schrieb Alexandre Daubois <[email protected]>: > There is currently no way of knowing if a regex pattern is valid, apart from > writing clunky code. [2] > > Two propositions emerged from the issue: either create a dedicated > "preg_validate()" function, or add a new flag to "filter_var()", namely > FILTER_VALIDATE_REGEX_PATTERN.
My concern would be that dynamically creating regex patterns has quite a lot of possible different foot guns and using something like preg_validate/filter_var to prevent warnings seems to not really solve the problem but give a false sense of security. You can end up with a mostly working version which will only trigger the fail path later on depending on user input. It boils down to: If you are not confident that you construct the pattern in a safe way then what would you do if a validation function returns false? You can notify the developer but that is already accomplished with the preg_* warning when an invalid pattern is given. Creating an error page for the user on a warning is also already possible. That's why i'm on the fence whether a validation function does more good or harm. Regards, - Chris
