Is there any safe way to pass a regular expression through a GET request to be used in a MySQL statement?

Or any ideas how to pass searchwords + (dummy)metacharacters to build a working regex in the receiving script?

    If it's in a form, you should just be able to use $_GET['regex'] (properly sanitized of course) in the REGEX. It should automatically be urlencoded and decoded for you.

    I don't think there's a safe way to allow regex. I know you could use mysql_real_escape_string to make sure they don't try to mess with your query and get more or less info than you want; however, it may or may not work with regex. I think a better idea would be to limit what regex items you can have. Something like Google where you can use + - etc. to define what to include, what to exclude, "" to define specific sequences of strings, and so on.

    I think you'd have to build your own form to allow only specific regular expression items. Otherwise you run the risk of something going haywire. And sending it through the URL is probably not the best of ideas, unless you want people to be able to send others a URL to search results.
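
The restricted, Google-style syntax suggested in the replies above, sketched as an added example that is not part of the original thread: user input is reduced to an allow-list of characters, the script itself writes the only regex metacharacters, and the patterns reach MySQL as bound parameters (PDO placeholders are used because `mysql_real_escape_string` was removed in PHP 7). The column `title`, the table `articles`, the `*` wildcard and the length and term limits are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

const SEARCH_COLUMN = 'title'; // assumed column; fixed in code, never taken from the request
const MAX_TERMS     = 8;       // assumed limit on the number of search terms

/**
 * Turn a restricted search string into "col REGEXP ?" clauses plus bound values.
 * Supported: word, +word (include), -word (exclude), "exact phrase", * (wildcard).
 */
function buildSearchClause(string $input): array
{
    $input = mb_substr($input, 0, 200); // bound the pattern size

    // Optional +/- prefix, then a "quoted phrase" or a bare word.
    preg_match_all('/([+-]?)(?:"([^"]*)"|(\S+))/u', $input, $tokens, PREG_SET_ORDER);

    $clauses = [];
    $params  = [];
    foreach (array_slice($tokens ?: [], 0, MAX_TERMS) as $t) {
        $term = ($t[2] !== '') ? $t[2] : ($t[3] ?? '');

        // Allow-list: letters, digits and '*'; every other run becomes one space,
        // so no regex metacharacter typed by the user survives.
        $term = trim(preg_replace('/[^\p{L}\p{N}*]+/u', ' ', $term) ?? '');
        $term = preg_replace('/\*+/', '*', $term);
        if (!preg_match('/[\p{L}\p{N}]/u', $term)) {
            continue; // nothing searchable left (e.g. a lone "*")
        }

        // The only metacharacters in the final pattern are the ones written here.
        $params[]  = str_replace('*', '[[:alnum:]]*', $term);
        $clauses[] = SEARCH_COLUMN . ($t[1] === '-' ? ' NOT REGEXP ?' : ' REGEXP ?');
    }
    return [implode(' AND ', $clauses), $params];
}

// Constructed sample, as it would arrive in $_GET['q'] after URL decoding.
[$where, $params] = buildSearchClause('+fire* -"red fox" (a|b)+$');
var_dump($where, $params);

// With a PDO connection in $pdo (hypothetical table "articles"):
//   $stmt = $pdo->prepare("SELECT id, title FROM articles WHERE $where LIMIT 50");
//   $stmt->execute($params);
```

When no searchable term remains, the returned clause is an empty string, so the caller should skip the query rather than run it with an empty WHERE.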
