PHP Prime : Doc : Security : Strings : Regexp injection

RegExp Injection

Otherwise known as Regular Expressions, and typically run with the preg functions:

• preg_match()
• preg_match_all()
• preg_replace()
• preg_split()

If you are using a user supplied variable (rare), then use the preg_quote() function.

So for example, using the multi-line regular expression to replace line prefix:

$str = preg_replace('/^' . preg_quote($prefix, '/') . '/m', '', $str);