You need to enclose the pattern into "//" like so:
preg_match("/^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[_.@#$&]).{8,15}$/", $pwd)
EDIT:
Ok so i would actually split the big and confusing regex line into multiple regex pattern, one for each of the constraints you have, it will be easier to read and understand, and also you could give the user more descriptive hint to whats the problem with the currently entered password ( is it too short, is it missing symbol, is it missing uppercase letter.. you got the point..)
Here is the code:
<?php
function validatePassword($pass)
{
$uppercasePattern = "/[A-Z]/";
$lowercasePattern = "/[a-z]/";
$symbolPattern = "/[\.\$@_#&]/";
$digitPattern = "/[0-9]/";
$unwantedSymbolsPattern = "/[^\w\.\$@_#&]/";
$len = strlen($pass);
if($len >=8 && $len <= 15){ // check if length is 8 - 15
$hasUppercase = false;
preg_match($uppercasePattern, $pass, $hasUppercase); // check if has uppercase letter
if(!empty($hasUppercase)){
$hasLowercase = false;
preg_match($lowercasePattern, $pass, $hasLowercase); // check if has lowercase letter
if(!empty($hasLowercase)){
$hasSymbol = false;
preg_match($symbolPattern, $pass, $hasSymbol); // check if has symbol
if(!empty($hasSymbol)){
$hasDigit = false;
preg_match($digitPattern, $pass, $hasDigit); // check if has digit
if(!empty($hasDigit)){ // check if contains needed symbol
$hasUnwantedSymbols = false;
preg_match($unwantedSymbolsPattern, $pass, $hasUnwantedSymbols);
if(empty($hasUnwantedSymbols)){ // if doesnt contain unwanted symbols return true
return true;
}else{
echo "Password contains some of the unwanted symbols!";
}
}else{
echo "Missing digit!";
}
}else{
echo "Missing on of the following symbols: . _ @ $ # &";
}
}else{
echo "Missing uppercase letter!";
}
}else{
echo "Missing uppercase letter!";
}
}
else{
echo "Password length not OK!";
}
}
$pass = "Abcdef@1as#(";
// call the function to test it out
if(validatePassword($pass)){
echo "OK";
}
?>