/[a-zA-Z]/ means that if you have at least one character that is from that range it’s valid. Probably you need /^[a-zA-Z]$/ that will allow only one character from that range. Or /^[a-zA-Z]+$/ that will allow many characters but only from that range.
Thanks for that, but I’m still getting incorrect behavior.
Your /^[a-zA-Z]$/ suggestion works for a single character. However, I tried /\w/ just as a test and inputted a string of special characters such as “$%^#$%^#” and it still passed validation on both sides (client and server).
I know I’m bad at regex, but this seems like something isn’t right here.
This is regex pattern 1: /^[a-zA-Z]\w+\z/
In PHP, the \z forces the final character to be of the word class. This is what I want…
However, on the client-side… EVERYTHING fails validation.
If I try pattern 2: /^[a-zA-Z]\w+/
This works on both sides, but allows for strings such as “asf_asdf#$^#$%$#”
I did discover that what I want is actually: /^[a-zA-Z]\w+$/
Which works server side and client-side.
However, I only discovered through trial and error that the \z doesn’t work on client-side.
I think there needs to be a blurb on the match validator indicating that the exact same regex will be used on client-side and server side with no translation.
I focused on the server side for security.
Not a bug… but definitely worth mentioning I think. Or at least say the \A and \z won’t translate in client-side validation.