Regex statement always returns false in PHP

Question

I am trying to check passwords to make sure they contain at least 1 uppercase, lowercase, and one number. I have looked into this but cannot find why every single time, it returns false. For example, I put in Thechedda123 , and it still returns false, and doesn't post to my database.

$password = $_GET["password"];
$regex = "^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[a-zA-Z\d]{8,}$";
$query="INSERT INTO `users`(`username`, `password`, `school`, `grade`,`email`, `classes`, `firstname`, `lastname`) VALUES ('$username','$password','$school','$grade','$email','$school','$firstname','$firstname')";
if (preg_match($regex, $password)){
    $result = mysql_query($query);
    if (!$result) {
        $message  = 'Invalid query: ' . mysql_error() . "\n";
        $message  = 'Whole query: ' . $query;
        die($message);
    }
}else{
    $numb = 'true';
    $cap = 'true';
    if (preg_match($regex, $password)){
        $numb = 'false';
    }
    if (preg_match($regex, $password)){
        $cap = 'false';
    }
    echo $cap;
    echo $numb;
}
?>

Answer 1

I edited and tested your regex. Replace your regex to this:

$regex = "/^((?=.*[a-z])(?=.*[A-Z])(?=.*\d))[a-zA-Z\d]{8,}$/";

And test:

$password_good = "Thecedda123"; // Ok

$password_bad_1 = "hechedda123"; // Upper case missed

$password_bad_2 = "TTTTTTTTTT123"; // Lower case missed

$password_bad_3 = "Thechedda"; // Digit missed

$password_bad_4 = "Th123"; // Less then 8 characters

$password_bad_5 = "1234567890"; // Letters missed

// Result:

echo preg_match($regex, $password_good); // true

echo preg_match($regex, $password_bad_1); // false

echo preg_match($regex, $password_bad_2); // false

echo preg_match($regex, $password_bad_3); // false

echo preg_match($regex, $password_bad_4); // false

echo preg_match($regex, $password_bad_5); // false