$re = '/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script\s*>/i';
$str = 'So, let’s imagine that we have to check a text field, and there’s no particular information about it in project specifications.
In this case, it’s possible to do the following:
Click on the Submit button without previous text field filling.
Click on the space bar a few times, and then click on the Submit button.
Analyze how many characters you can enter in the field, and then press the Submit button.
Enter the minus sign and as many numbers as you can, and then tap Submit.
Enter all the possible special symbols and click Submit. If you see a message with an error, try to analyze it.
Try to enter the symbols that don’t technically correspond with ASCII, different emoji icons, and click Submit. If you see a message with an error, try to analyze it.
Try the features of the cross-site scripting. For this, you should enter such a script: <SCRIPT>alert(“I hacked this!”)</SCRIPT>. If there is a pop-up after clicking Submit, it means that this field is vulnerable to XSS attack (cross-site scripting attack).
Check if it’s possible to use SQL injections. Enter FOO’); DROP TABLE USERS. But don’t do this with databases of those sites that are in production.';
preg_match_all($re, $str, $matches, PREG_SET_ORDER, 0);
// Print the entire match result
var_dump($matches);
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for PHP, please visit: http://php.net/manual/en/ref.pcre.php