Copy-paste ready patterns with explanations and examples
Regular expressions are one of the most powerful and most frustrating tools in programming. When you need to validate an email address, extract URLs from text, or check a phone number format, regex is the go-to solution. But writing the correct pattern from scratch every time is slow and error-prone.
This cheat sheet gives you two things: a quick-reference syntax table for when you need to remember what \b or {n,m} means, and a collection of ready-to-use patterns for the most common real-world validation tasks. Every pattern is copy-paste ready — just grab it and use it.
Test any of these patterns instantly with our Regex Tester tool.
| Symbol | Meaning | Example | Matches |
|---|---|---|---|
. | Any character (except newline) | a.c | abc, a1c, a-c |
* | Zero or more of preceding | ab*c | ac, abc, abbc |
+ | One or more of preceding | ab+c | abc, abbc (not ac) |
? | Zero or one of preceding | colou?r | color, colour |
^ | Start of string | ^Hello | Hello world (not Say Hello) |
$ | End of string | end$ | the end (not endless) |
[] | Character class | [aeiou] | Any vowel |
[^] | Negated character class | [^0-9] | Any non-digit |
() | Capture group | (ab)+ | ab, abab, ababab |
| | OR operator | cat|dog | cat or dog |
\ | Escape special character | \. | Literal dot |
| Quantifier | Meaning | Example | Matches |
|---|---|---|---|
{n} | Exactly n times | \d{3} | 123, 456 (exactly 3 digits) |
{n,} | n or more times | \d{2,} | 12, 123, 1234 (2+ digits) |
{n,m} | Between n and m times | \d{2,4} | 12, 123, 1234 (2-4 digits) |
*? | Zero or more (lazy) | <.*?> | Matches shortest tag |
+? | One or more (lazy) | ".+?" | Matches shortest quoted string |
| Class | Meaning | Equivalent |
|---|---|---|
\d | Any digit | [0-9] |
\D | Any non-digit | [^0-9] |
\w | Any word character | [a-zA-Z0-9_] |
\W | Any non-word character | [^a-zA-Z0-9_] |
\s | Any whitespace | [ \t\n\r\f] |
\S | Any non-whitespace | [^ \t\n\r\f] |
\b | Word boundary | Between \w and \W |
\B | Non-word boundary | Not between \w and \W |
These are the patterns you will copy most often. Each one includes the regex, a plain-English explanation, and examples of what it matches and does not match.
^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$Explanation: Matches one or more alphanumeric characters (plus dots, underscores, percent, plus, and hyphens) before the @, followed by a domain name with at least one dot and a TLD of 2 or more letters.
Matches: user@example.com, name.last+tag@sub.domain.co.uk
Does not match: @example.com, user@.com, user@com
https?:\/\/(www\.)?[-a-zA-Z0-9@:%._+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_+.~#?&//=]*)Explanation: Matches http or https URLs with optional www prefix, a domain name, a TLD up to 6 characters, and an optional path/query string.
Matches: https://example.com, http://www.test.co.uk/path?q=1
Does not match: ftp://files.example.com, example.com (no protocol)
Simple format (digits only):
^\+?1?\d{10}$Flexible format (with separators):
^\(?(\d{3})\)?[- ]?(\d{3})[- ]?(\d{4})$Explanation: The flexible pattern matches US phone numbers with optional parentheses around the area code and optional hyphens or spaces as separators.
Matches: (555) 123-4567, 555-123-4567, 5551234567
Does not match: 123-456, 55-1234-5678
^\+[1-9]\d{1,14}$Explanation: Matches the E.164 international phone number format: a plus sign, followed by a non-zero digit, followed by 1 to 14 additional digits (max 15 total).
Matches: +14155551234, +442071234567
Does not match: +0123456789 (starts with 0), 14155551234 (no plus)
^\d{4}-(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01])$Explanation: Matches ISO 8601 date format. The month must be 01-12, and the day must be 01-31. Note: this does not validate that the day is valid for the given month (e.g., it allows February 31).
Matches: 2026-03-24, 1999-12-31
Does not match: 2026-13-01 (month 13), 2026-3-24 (single-digit month)
^(\d{1,3}\.){3}\d{1,3}$Explanation: Matches four groups of 1-3 digits separated by dots. For strict validation (each octet 0-255), you need a more complex pattern, but this covers the basic format check.
Matches: 192.168.1.1, 10.0.0.255
Does not match: 192.168.1 (only 3 octets), 192.168.1.1.1 (5 octets)
^#([0-9A-Fa-f]{3}|[0-9A-Fa-f]{6})$Explanation: Matches a hash symbol followed by either 3 or 6 hexadecimal characters. This covers both shorthand (#FFF) and full (#FFFFFF) CSS color codes.
Matches: #fff, #0d9488, #A3B
Does not match: #12345 (5 chars), 0d9488 (no hash), #GGHHII (invalid hex)
^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}$Explanation: Requires at least 8 characters with at least one lowercase letter, one uppercase letter, one digit, and one special character from the set @$!%*?&. Uses lookaheads to check each requirement independently.
Matches: MyP@ss1word, Str0ng!Pass
Does not match: password (no uppercase, digit, or special), Short1! (under 8 chars)
Need to generate strong passwords? Try our Password Generator.
<\/?[\w\s="/.':;#-\/]+>Explanation: Matches opening and closing HTML tags including those with attributes. This is a simplified pattern — for production HTML parsing, use a proper HTML parser, not regex.
Matches: <div>, </p>, <a href="url">
Does not match: Plain text without angle brackets
^\d{4}[- ]?\d{4}[- ]?\d{4}[- ]?\d{4}$Explanation: Matches 16 digits in groups of 4, optionally separated by hyphens or spaces. This validates the format only — it does not check if the number is a valid card number (use the Luhn algorithm for that).
Matches: 4111111111111111, 4111-1111-1111-1111, 4111 1111 1111 1111
Does not match: 411111111111 (only 12 digits), 4111.1111.1111.1111 (dots)
Forgetting to escape dots. In regex, . matches any character. If you want to match a literal dot (in domain names, IP addresses, file extensions), you must escape it as \.. The pattern example.com will also match exampleXcom — write example\.com instead.
Greedy vs. lazy matching. By default, .* is greedy — it matches as much text as possible. Given the string <b>bold</b> and <b>more</b>, the pattern <b>.*</b> matches the entire string from first <b> to last </b>. Use <b>.*?</b> (lazy) to match each bold tag individually.
Forgetting anchors. Without ^ and $, your pattern matches substrings. The email pattern without anchors would match user@example.com inside !!!user@example.com!!!. Always use anchors when validating an entire string.
Overcomplicating patterns. Start simple and add complexity only as needed. A perfect email regex that covers every RFC edge case is hundreds of characters long and nearly unmaintainable. The simpler pattern in this cheat sheet handles 99.9% of real-world email addresses.
Not testing with edge cases. Always test your regex with: empty strings, very long strings, strings with special characters, strings that almost match but should not, and strings with leading/trailing whitespace.
Test these patterns: Open our Regex Tester — paste any pattern from this page, enter test strings, and see matches highlighted instantly. Free, no signup required.
^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$. This matches most standard email formats. However, the full RFC 5322 email specification is extremely complex — for production systems, use a dedicated email validation library rather than regex alone.* means "zero or more" of the preceding element, while + means "one or more." For example, a* matches an empty string, "a", "aa". But a+ requires at least one "a", so it matches "a" and "aa" but not an empty string.* and + are greedy — they match as much text as possible. Add a ? after the quantifier to make it lazy (match as little as possible). For example, use .*? instead of .*.← Blog index | Regex Tester | Password Generator | All tools