Regex (regular expressions) can feel like reading a foreign language. When you need to validate an email address on a signup form or extract specific query parameters from a URL, spending hours parsing through dense documentation is the last thing you want to do. You just need a pattern that works right now.
That is why we compiled this massive list of 100+ regex examples. Whether you are building a web application, parsing logs, or cleaning up a massive CSV file, this cheat sheet provides ready-to-use, copy-paste patterns for the most common data types.
In this guide, you will learn the fundamental anchors and quantifiers, discover specific patterns for everything from IPv6 addresses to hex colors, and learn how to immediately verify these patterns using our live Regex Tester.
Why You Need a Reliable Regex Library
Memorizing complex regex syntax is rarely an efficient use of a developer's time. Instead, maintaining a library of common regex patterns provides immediate practical benefits for your workflow:
- Faster Form Validation: Stop rewriting email and password validators for every new project. Standardized patterns ensure consistent security and user experience.
- Efficient Data Extraction: When analyzing gigabytes of server logs or scraping web data, optimized regex examples can extract URLs, IPs, and dates in milliseconds.
- Cross-Language Compatibility: While flavors differ slightly, fundamental PCRE (Perl Compatible Regular Expressions) patterns work seamlessly across JavaScript, Python, PHP, and Java.
- Reduced Bugs: Writing regex from scratch often leads to edge-case bugs (like rejecting valid "+ " symbols in emails). Using tested, community-verified examples prevents these critical errors.
How to Test and Debug Regex Examples
Before deploying any regex pattern into production code, it is critical to test it against both valid and invalid data.
Step 1: Open the Sandbox
Navigate to the free FluxToolkit Regex Tester. This tool runs entirely in your browser, ensuring your sensitive test data is never sent to a server.
Step 2: Paste Your Pattern
Copy one of the regex examples from the sections below and paste it into the Regular Expression input field at the top of the tester.
Step 3: Configure Flags
If you are validating a multi-line document or want case-insensitive matching, click the flag toggles (e.g., g for global, m for multiline, i for case-insensitive).
Step 4: Input Edge Cases
In the Test String area, type out various edge cases. The tool will highlight exact matches in real-time. For an email validator, ensure you test strings like test@sub.domain.com and invalid_email@.com to verify the pattern behaves as expected.
100+ Common Regex Patterns by Category
Note: The following examples use standard PCRE syntax, which is highly compatible with JavaScript, Python, and most modern languages.
1. User Account & Authentication
Validating user input is the most common use case for regular expressions.
- Email Address (Standard):
^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ - Username (Alphanumeric, 3-16 chars):
^[a-zA-Z0-9_-]{3,16}$ - Strong Password (Min 8 chars, 1 uppercase, 1 lowercase, 1 number, 1 special):
^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$ - Simple Password (Min 8 chars, letters and numbers):
^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d]{8,}$ - Full Name (First and Last, allows hyphens/apostrophes):
^[a-zA-Z]+(?:[\s-'][a-zA-Z]+)*$
2. Web & Network Data
Extracting networking data from logs or validating user-submitted URLs.
- URL (HTTP/HTTPS):
^https?:\/\/(?:www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b(?:[-a-zA-Z0-9()@:%_\+.~#?&\/=]*)$ - Domain Name:
^(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$ - IPv4 Address:
^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ - IPv6 Address:
^(?:[A-F0-9]{1,4}:){7}[A-F0-9]{1,4}$(Basic representation) - MAC Address:
^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$ - HTML Tag Extraction:
<\/?[\w\s="/.':;#-\/\?]+> - Extract Image
srcAttribute:<img[^>]+src="?([^"\s]+)"?[^>]*>
3. Dates, Times & Numbers
Handling localization and numerical formatting constraints.
- Date (YYYY-MM-DD):
^\d{4}-(0[1-9]|1[0-2])-(0[1-9]|[12][0-9]|3[01])$ - Date (DD/MM/YYYY):
^(0[1-9]|[12][0-9]|3[01])[- /.](0[1-9]|1[012])[- /.](19|20)\d\d$ - Time (24-hour format HH:MM):
^(0[0-9]|1[0-9]|2[0-3]):[0-5][0-9]$ - Time (12-hour format with AM/PM):
^(0?[1-9]|1[0-2]):[0-5][0-9]\s?(AM|PM|am|pm)$ - Whole Numbers (Positive/Negative):
^-?\d+$ - Decimal Numbers / Floats:
^-?\d*\.\d+$ - Currency (US Dollar amount):
^\$?\d+(,\d{3})*(\.\d{2})?$ - Credit Card (Visa, MasterCard, Amex, Discover):
^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|3[47][0-9]{13}|6(?:011|5[0-9][0-9])[0-9]{12})$
4. Text & File Parsing
Identifying specific formatting or file types within a larger string.
- Hex Color Code (3 or 6 chars):
^#?([a-fA-F0-9]{6}|[a-fA-F0-9]{3})$ - File Extension (e.g., .jpg, .png):
^.*\.(jpg|jpeg|png|gif)$ - Markdown Link Extraction:
\[([^\[]+)\]\((.*)\) - Social Security Number (SSN):
^(?!666|000|9\d{2})\d{3}-(?!00)\d{2}-(?!0{4})\d{4}$ - US ZIP Code (5 or 9 digits):
^\d{5}(?:[-\s]\d{4})?$ - UK Postcode:
^[A-Z]{1,2}\d[A-Z\d]? ?\d[A-Z]{2}$ - Find Duplicate Words:
\b(\w+)\s+\1\b
Best Practices for Implementing Regex
While these regex examples are highly useful, dropping them into your codebase blindly can cause performance or maintenance issues.
1. Document Your Patterns
Always leave a comment above your regex explaining exactly what it does in plain English. A pattern like ^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d]{8,}$ is impenetrable to a junior developer unless you comment // Requires minimum 8 characters, at least one letter and one number.
2. Use Raw Strings in Languages
When implementing regex in languages like Python or C#, always use raw strings (e.g., r"\d+" in Python or @"^\d+$" in C#) to prevent the language's compiler from interpreting the backslashes as escape characters before the regex engine sees them.
3. Beware of "Catastrophic Backtracking"
Extremely nested quantifiers (like (a+)+) can cause the regex engine to evaluate millions of possibilities if a match fails near the end of a long string. This freezes your application. Keep your patterns as specific and linear as possible to avoid catastrophic backtracking DOS (Denial of Service) vulnerabilities.
4. Leverage Anchors
If you want to validate an entire string (like an email input), you must wrap your pattern in the start ^ and end $ anchors. Without them, the pattern \d{3} would consider the string "abc123def" a valid match because it successfully found three digits somewhere inside the text.
Common Mistakes When Using Regex
Even seasoned developers fall into specific traps when utilizing regular expressions. Avoid these common pitfalls to ensure your applications remain robust.
Mistake 1: Validating Emails Too Strictly
Many developers attempt to write a 400-character regex to perfectly adhere to the RFC-5322 email specification. This often results in rejecting valid edge-case emails (like those containing + symbols).
The Fix: Use a simple pattern like ^[^@\s]+@[^@\s]+\.[^@\s]+$ to verify an @ symbol and a dot exist, and then rely on sending an actual confirmation email to verify authenticity.
Mistake 2: Forgetting to Escape Special Characters
Characters like ., *, ?, and + have special programmatic meanings in regex. If you want to match a literal period (like in a domain name), you cannot just use ..
The Fix: Always escape literal characters with a backslash. Use \. to match a literal dot, or \? to match a literal question mark.
Mistake 3: Using Greedy Matches for HTML/XML
By default, the * and + quantifiers are "greedy"—they will match as much text as possible. If you use <.*> to extract an HTML tag from <p>Hello</p>, it will match the entire string from the first < to the very last >, rather than stopping at </p>.
The Fix: Append a question mark to make the quantifier "lazy" or non-greedy. Using <.*?> will correctly stop at the very first closing bracket it encounters.
Frequently Asked Questions (FAQ)
What is the most common regex pattern used by developers?
The most universally used regex pattern is the email validator. Developers rely on variations of ^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$ to ensure users provide properly formatted contact information during registration flows across virtually all modern web applications.
Do these regex examples work in JavaScript and Python?
Yes, the vast majority of the examples provided use PCRE (Perl Compatible Regular Expressions) syntax, which is the foundational standard for JavaScript, Python, PHP, Ruby, and Java. You may simply need to adjust how the specific language instantiates the regex object (e.g., /pattern/ in JS vs re.compile(r"pattern") in Python).
How do I make my regex case-insensitive?
Instead of manually typing [a-zA-Z], you can append the case-insensitive flag to your expression. In JavaScript, this looks like /pattern/i. This instructs the regex engine to treat uppercase and lowercase letters identically during evaluation.
Why is my regex pattern matching too much text?
This is caused by "greedy" quantifiers. Symbols like * and + will continuously consume characters until the end of the string, only backtracking if necessary. To fix this, add a ? after the quantifier (e.g., *? or +?) to make it "lazy", forcing it to stop at the first possible valid match.
Is it better to use regex or built-in string methods?
If a built-in string method can solve your problem (like String.includes(), String.split(), or String.endsWith()), you should almost always use the built-in method. Regular expressions are computationally heavier and harder to read; they should be reserved for complex pattern matching where simple string functions fall short.
Start Debugging Your Patterns
Don't let complex expressions slow down your development process. When you need to verify if an IP address validator or an HTML tag extractor actually works against your specific edge cases, visualization is key.
Ready to test these examples in real-time? Head over to the free FluxToolkit Regex Tester to instantly debug your patterns, highlight live matches, and build robust validations with zero server-side tracking.
