There is no such thing as an "ENGLISH" number or letter. Many languages are (or can be) written using the same alphabet as English. It is usually called the Latin alphabet.
If you really only want to accept Latin alphanumeric characters, use:
if preg_match("/^[a-zA-Z0-9]+$/", $_POST['password']) {
//good to go
} else {
//I don't like this password
}
Your original regex has an extra trailing ^
, and it allows spaces and underscores. Do you want those characters to be allowed as well? If so, use ^[\w ]+$
.
However, if you are doing this to limit the characters that passwords can consist of, have you stopped to think about what you're doing? Limiting the set of characters that you accept for passwords dramatically reduces their strength. You should allow the widest possible range of characters to allow users to choose strong passwords.
If you are checking to detect weak passwords, please disregard. However, there are other factors you should consider like length and the presence of dictionary words. See this answer for some excellent detail.
On a related note, are you storing your users' passwords in a hashed form? That is an absolute necessity.