Don't expose your regular expressions

Archive - Originally posted on "The Horse's Mouth" - 2006-02-15 07:00:34 - Graham Ellis

If you're writing an application, it's generally NOT a good idea to take a user input and slap it straight into a regular expression for matching - quite simply because it's improbable that your users will be familiar with regular expressions, and they will get all sorts of strange results if they put any special characters into their search string.

Users do often need to enter various search patterns, and I recommend that you come up with a scheme that suits your own type of search; that might involve taking the user's input and using it indirectly to build a regular expression, or it might call for some totally different kind of search.

I was talking about this yesterday to a Perl group, with a user community that's used to using * and ? in file name matching (known as globbing) and who want to do the same on data within Perl. It's a good example where the program shouldn't just pass the entered data straight through - rather, it should:
1. Protect the special characters in the input with a \
2. Replace input ? characters with a .
3. Replace input * characters with a .*
4. Add ^ and $ anchors

And that will give them the ability to wildcard in the good ole way they wish!
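Here is an added Perl example of those four steps (not code from the original post); it walks the glob one character at a time so that step 1's escaping never swallows the ? and * that steps 2 and 3 need to rewrite, and the file names and patterns are constructed sample data.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Turn a user-supplied glob such as "report_*.txt" into an anchored
# regular expression, applying the four steps from the post.
sub glob_to_regex {
    my ($glob) = @_;
    my $re = '';
    for my $ch (split //, $glob) {
        if ($ch eq '?') {           # step 2: ? matches exactly one character
            $re .= '.';
        } elsif ($ch eq '*') {      # step 3: * matches any run of characters
            $re .= '.*';
        } else {                    # step 1: everything else is taken literally
            $re .= quotemeta($ch);
        }
    }
    return '^' . $re . '$';         # step 4: whole-string match, not a substring
}

# Match a piece of data against a user glob; returns 1 or 0.
sub glob_match {
    my ($glob, $text) = @_;
    my $re = glob_to_regex($glob);
    return $text =~ /$re/ ? 1 : 0;
}

# Constructed sample data, not from the original post.
my @files = qw(report_2006.txt report_2006.txt.bak data.csv report(1).txt);
for my $pattern ('report_*.txt', 'data.???', 'report(?).txt') {
    print "$pattern  =>  ", glob_to_regex($pattern), "\n";
    for my $f (@files) {
        printf "  %-20s %s\n", $f, glob_match($pattern, $f) ? 'match' : 'no match';
    }
}

# The "strange results" the post warns about: used as a regex directly,
# the glob "report(?).txt" is not even a valid pattern, so the match dies.
my $raw = 'report(?).txt';
eval { 'report(1).txt' =~ /$raw/ };
print "Raw pattern '$raw' failed to compile: $@" if $@;
```

With the conversion, 'report_*.txt' matches only report_2006.txt (the anchors keep the .bak file out), and 'report(?).txt' matches report(1).txt because the parentheses are escaped rather than treated as a group.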