用于查找字符串是否为MySQL SELECT语句的PHP正则表达式
我正在尝试在执行查询之前验证它们,如果查询不是MySQL SELECT语句,则我必须向用户显示消息。
我通过此链接找到以下正则表达式: Validate simple select query using Regular expression$reg="/^Selects+(?:w+s*(?:(?=from)|,s*))+froms+w+s+wheres+w+s*=s*'[^']*'$/i";
接下来,我编写了以下代码,但它始终打印NOT SELECT查询($MATCH每次为空)
$string="select * from users where id=1";
preg_match_all($reg,$string,$match);
if(!empty($match)){
echo "select query";
//execute and process result
//$this->user_model->list($string);
}else{
echo "not select query";
//show_message('inv_query');
}
/*
some sample select statements
select * from users where id=1;
select * from users where id=1 AND name= 'Prabhu';
select * from users where id=1 AND name= 'Prabhu' order by name;
Select * from users where id=1 AND name= 'Prabhu' group by id order by name;
Select * from users join role on users.role_id=role.id where id=1 AND name= 'Prabhu' group by id order by name;
*/
解决方案
为什么不这样做:
$reg = "/^(s*?)selects*?.*?s*?from([s]|[^;]|(['"].*;.*['"]))*?;s*?$/i";
适用于SQL SELECT查询示例:http://www.phpliveregex.com/p/6nP。
它还检查正在运行的唯一SQL查询是否是SELECT查询,因此它应该只验证它们。它通过确保只有一个;(除非That;在字符串中)来实现此目的,因此下面的代码将进行验证。
select * from users where id=1 AND name= 'Pra;bhu';
但这不会。
select * from users where id=1 AND name= 'Prabhu'; drop table;
和正则表达式,该正则表达式不检查字符串中的;,如果它在字符串中,则将失败:
$reg = "/^(s*?)selects*?.*?s*?from([s]|[^;])*?;s*?$/i"
相关文章