I am trying to check queries before executing them. If the query is not a MySQL select expression, then I have to show a message to the user.
I found the regex below at this link:
Confirm a simple select query with regex
$reg="/^Select\s+(?:\w+\s*(?:(?=from\b)|,\s*))+from\s+\w+\s+where\s+\w+\s*=\s*'[^']*'$/i";
Then I wrote the code below, but it always prints "not select query" ($match is empty every time):
$string="select * from users where id=1";
preg_match_all($reg,$string,$match);
if(!empty($match)){
echo "select query";
}else{
echo "not select query";
}
Please correct the regular expression so that it checks for an SQL select statement (select, from, where, join, order by, group by: anything can be there in the select statement). Or let me know another good way to accomplish this task.
/*
some sample select statements
select * from users where id=1;
select * from users where id=1 AND name= 'Prabhu';
select * from users where id=1 AND name= 'Prabhu' order by name;
Select * from users where id=1 AND name= 'Prabhu' group by id order by name;
Select * from users join role on users.role_id=role.id where id=1 AND name= 'Prabhu' group by id order by name;
*/
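One conservative way to approach the check asked about above, as an added example that is not part of the original post: instead of one regex describing every valid SELECT, blank out quoted text and then reject anything that is not a single read-only SELECT. The names `isSingleSelect` and `QUOTED`, the rejected-keyword list and the negative sample queries are assumptions constructed for illustration.

```php
<?php
// Added example; function/constant names and the rejected-keyword list are
// assumptions, not taken from the post.

// Matches '...', "..." and `...`, honouring backslash escapes.
const QUOTED = <<<'RE'
~'(?:[^'\\]|\\.)*'|"(?:[^"\\]|\\.)*"|`[^`]*`~s
RE;

function isSingleSelect(string $sql): bool
{
    // 1. Replace quoted text with "?" so its contents cannot hide or fake
    //    keywords, semicolons or comment markers.
    $bare = preg_replace(QUOTED, '?', $sql);
    if ($bare === null) {
        return false;                         // PCRE error: fail closed
    }
    // 2. Allow one trailing semicolon, then reject a second statement,
    //    any comment syntax, or a leftover (unterminated) quote.
    $bare = preg_replace('/;\s*$/', '', trim($bare)) ?? '';
    if (preg_match('~;|--|#|/\*|[\'"`]~', $bare) !== 0) {
        return false;
    }
    // 3. Must begin with SELECT; must not write (INTO OUTFILE/DUMPFILE/@var)
    //    or take row locks (FOR UPDATE).
    // Test preg_match()'s return value: the matches array filled in by
    // preg_match_all() is [[]] on no match, which empty() reports as non-empty.
    return preg_match('/^select\b/i', $bare) === 1
        && preg_match('/\binto\b|\bfor\s+update\b/i', $bare) === 0;
}

// Two of the post's sample statements, then constructed cases.
$samples = [
    "select * from users where id=1;",
    "Select * from users join role on users.role_id=role.id where id=1 AND name= 'Prabhu' group by id order by name;",
    "select * from users where name = 'a;b -- not a comment'",  // accepted
    "select * from users; update users set role_id=1",          // rejected
    "select * from users into outfile '/tmp/x'",                // rejected
    "update users set name = 'select'",                         // rejected
];
foreach ($samples as $sql) {
    echo (isSingleSelect($sql) ? 'select query    ' : 'not select query'), " | $sql\n";
}
```

A text filter like this is only a guard rail: it also rejects some valid queries (CTEs, parenthesised unions, `--` arithmetic). The enforcing control is to run such queries over a connection whose MySQL account holds only the SELECT privilege on the intended tables.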