Regex Patterns Cheat Sheet: Email, Phone, Date Validation & More

Regular expression syntax isn't particularly hard — but writing a correct validation pattern from scratch requires handling a surprising number of edge cases. This guide skips the syntax tutorials and gives you battle-tested, copy-paste-ready patterns for the most common validation scenarios. Test any of them instantly in the Regex Tester.

How to use this guide: Copy any pattern below, paste it into the Regex Tester, add your test strings, and confirm it behaves as expected before integrating it into your codebase.

1. Email Address Validation

Email format looks simple, but the full RFC 5322 specification is notoriously complex. The pattern below is a pragmatic version that covers 99% of real-world email addresses:

/^[a-zA-Z0-9._%+\-]+@[a-zA-Z0-9.\-]+\.[a-zA-Z]{2,}$/
Test stringResultNotes
[email protected]✅ PassStandard format
[email protected]✅ PassPlus sign, subdomain
user@example❌ FailMissing TLD
@example.com❌ FailMissing local part
user @example.com❌ FailContains space

Caveat: The only reliable way to verify an email address is to send a confirmation message. Regex can only reject obvious format errors — it cannot verify whether an inbox actually exists.

2. Phone Number (US)

/^(\+1[\s\-]?)?\(?\d{3}\)?[\s\-]?\d{3}[\s\-]?\d{4}$/

This pattern accepts common US phone number formats including optional country code, parentheses, spaces, and hyphens:

Test stringResult
555-867-5309✅ Pass
(555) 867-5309✅ Pass
+1 555 867 5309✅ Pass
867-5309❌ Fail (7 digits only)

3. Date Format (YYYY-MM-DD)

/^\d{4}-(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01])$/

This pattern validates the valid range for month (01–12) and day (01–31), but it cannot determine whether a specific date actually exists (e.g., 2023-02-30 will still pass). Use program logic to validate calendar correctness.

4. URL

/^https?:\/\/[^\s/$.?#].[^\s]*$/i

Covers both http and https, allows complex paths, query parameters, and hashes, and rejects invalid URLs containing spaces. HTTPS-only version:

/^https:\/\/[^\s/$.?#].[^\s]*$/i
Quick test: Paste a list of URLs into the Regex Tester and enable multiline mode to validate them line by line and quickly spot malformed entries.

5. IPv4 Address

/^((25[0-5]|2[0-4]\d|[01]?\d\d?)\.){3}(25[0-5]|2[0-4]\d|[01]?\d\d?)$/

Precisely validates each octet (0–255), preventing invalid values like 999.999.999.999 that look syntactically valid but aren't.

Test stringResult
192.168.1.1✅ Pass
255.255.255.0✅ Pass
256.0.0.1❌ Fail (octet out of range)
192.168.1❌ Fail (only 3 octets)

6. Password Strength Rules

Basic (min 8 chars, letters and numbers):

/^(?=.*[a-zA-Z])(?=.*\d).{8,}$/

Medium (min 8 chars, upper, lower, and digits):

/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).{8,}$/

Strict (min 8 chars, upper, lower, digits, and special chars):

/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[!@#$%^&*]).{8,}$/

These patterns use lookahead assertions ((?=...)) to require specific character types without restricting their position.

7. Numeric Formats

Positive integer:

/^\d+$/

Integer (with optional negative sign):

/^-?\d+$/

Floating point number:

/^-?\d+(\.\d+)?$/

8. CJK Characters (Chinese/Japanese/Korean)

/^[\u4e00-\u9fff]+$/

Covers the main CJK Unified Ideographs block (U+4E00 to U+9FFF). To also include Japanese kana and Korean Hangul:

/^[\u4e00-\u9fff\u3040-\u30ff\uac00-\ud7af]+$/

9. US ZIP Code

/^\d{5}(-\d{4})?$/

Accepts both 5-digit ZIP codes (12345) and ZIP+4 format (12345-6789).

10. Strip HTML Tags

/<[^>]+>/g

Replace with an empty string to strip HTML tags from text. JavaScript example:

const cleanText = htmlString.replace(/<[^>]+>/g, '');

Warning: Do not use Regex to parse full HTML structures. HTML is not a regular language — nested and self-closing tags will cause patterns to fail. Use a DOM parser for complete HTML processing.

Try these patterns now: Open the Regex Tester, paste any pattern above into the regex field, enter your test strings, and instantly see which inputs pass and which are rejected.

Common Mistakes & Gotchas

1. Missing ^ and $ anchors

Patterns without anchors pass on partial matches. /\d+/ accepts abc123 because the string contains digits. Always add ^ (start) and $ (end) to ensure the entire string matches.

2. Over-restricting the TLD length

New TLDs like .photography or .taipei exceed four characters. Use {2,} instead of {2,4} to avoid rejecting valid modern email addresses.

3. Case sensitivity

Add the i flag to URL patterns (case-insensitive), but keep email patterns case-sensitive by explicitly listing [a-zA-Z].

4. Cross-language differences

Regex implementations vary between languages. JavaScript's older engines lack lookbehind support; Python's re module treats ^/$ differently in multiline mode. Always test before deploying across environments.

Summary

The most valuable regex skill isn't writing patterns from scratch — it's knowing where to find reliable ones and understanding their limitations.

  • All patterns can be tested instantly in the Regex Tester
  • Client-side Regex is your first filter — server-side validation is always the final authority
  • Complex validations (calendar date logic, checksum digits) require program logic, not just Regex
  • Compare two versions of a pattern side-by-side with the Text Diff tool