Regex Tester & Debugger

Flags reshape how the engine reads your pattern. g makes matching stateful — it advances lastIndex between calls, so reusing one global regex object across loops can skip matches. i folds case, m makes ^ and $ match at line breaks rather than only string ends, and s (dotAll) lets . span newlines. u enables full Unicode handling so astral code points and \p{Letter} property escapes behave correctly. Combine them deliberately: enabling m without realizing it can turn an anchored whole-string validation into a per-line match and let malformed input slip through.

Plain (...) captures and numbers each group left to right; (?:...) groups without capturing, which keeps your match array clean and is marginally cheaper. Named groups (?<year>\d{4}) make extraction self-documenting and are referenced as \k<year> inside the pattern or $<year> in a replacement. Backreferences like \1 let a pattern match the same text twice — handy for catching doubled words — but they prevent the engine from using simpler linear-time matching, so reach for them only when you truly need them.

Quantifiers are greedy by default: .* grabs as much as possible then backtracks. Adding ? makes them lazy (.*?), matching the minimum first. The dangerous case is nested or overlapping quantifiers over ambiguous input — patterns like (a+)+$ or (\d+)* against a long non-matching string force the engine to explore exponentially many ways to split the text. This is catastrophic backtracking, and on a server it is a real denial-of- service vector (ReDoS): one crafted input can pin a CPU core for seconds. Avoid it by anchoring patterns, preferring specific character classes over ., avoiding a quantifier inside another quantifier, and validating untrusted input length before matching.

^ and $ anchor to string (or line) edges, while \b marks a word boundary — the seam between a word and non-word character — which is what you usually want for matching whole words rather than ^word$. Flavors also diverge: this tester runs the JavaScript (ECMAScript) engine, so its lookbehind, Unicode property escapes and named-group syntax follow ES rules and will not always agree with PCRE (PHP, the pcre library), POSIX (grep, sed basic mode) or Python's re. Before copying a pattern into another runtime, re-test it there. When a pattern matches in one place but not another, the diff checker helps spot the stray whitespace or invisible characters that quietly break a match.

Databases speak regex too. PostgreSQL offers the ~ and ~* operators (case-sensitive and insensitive) plus SIMILAR TO, while MySQL uses REGEXP / RLIKE. The catch is performance: a B-tree index can only help when a predicate is anchored to a known prefix, so col >= 'abc' style comparisons use the index but col ~ 'abc' or any pattern with a leading wildcard forces a full scan and evaluates the regex row by row. For high-volume filtering, normalize the data, use a prefix predicate, or add a trigram index (Postgres pg_trgm) instead of leaning on a heavy expression in the WHERE clause. See our PostgreSQL guide for indexing strategy that keeps pattern matching off the hot path.