I’ve got a string entered by the user, and I want to embed that

Question

0

Asked: May 24, 20262026-05-24T20:43:46+00:00 2026-05-24T20:43:46+00:00

I’ve got a string entered by the user, and I want to embed that

0

I’ve got a string entered by the user, and I want to embed that string into a regex. Is there a way to embed a parameter value in a similar way to parameters in SQL queries?

For example, I could do this:

string myRegex = "[abc]" + myParameter + "[xyz]";

but this would not work because myParameter could contain regex special characters.

SQL injection was fixed by using parameters. How do I do the same with regexes?

Note that myParameter could contain any character from the whole of unicode except maybe control characters, although I would hope a general purpose solution would allow even control characters to be matched.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-24T20:43:47+00:00

Editorial Team

2026-05-24T20:43:47+00:00Added an answer on May 24, 2026 at 8:43 pm

Depends on the regular expression engine at hand I believe.

In Java you typically do

"[abc]" + Pattern.quote(myParameter) + "[xyz]"

or (if myParameter doesn’t contain \E) you could do

"[abc]\\Q" + myParameter + "\\E[xyz]"

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’ve got a string entered by the user, and I want to embed that

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply