我在执行查询之前试图验证查询,如果查询不是mysql选择语句,那么我必须向用户显示消息。
我发现下面的regex从这个链接:使用正则表达式
验证简单的选择查询$reg="/^Select's+(?:'w+'s*(?:(?=from'b)|,'s*))+from's+'w+'s+where's+'w+'s*='s*'[^']*'$/i";
接下来我写了下面的代码,但是它总是打印not select query ($match每次都是空的)
$string="select * from users where id=1";
preg_match_all($reg,$string,$match);
if(!empty($match)){
echo "select query";
//execute and process result
//$this->user_model->list($string);
}else{
echo "not select query";
//show_message('inv_query');
}
请纠正正则表达式以验证sql select语句(select, from,where, join, orderderby groupby都可以在select语句中出现)。或者让我知道其他更好的方法来完成这项任务。
/*
some sample select statements
select * from users where id=1;
select * from users where id=1 AND name= 'Prabhu';
select * from users where id=1 AND name= 'Prabhu' order by name;
Select * from users where id=1 AND name= 'Prabhu' group by id order by name;
Select * from users join role on users.role_id=role.id where id=1 AND name= 'Prabhu' group by id order by name;
*/
为什么不设置如下:
$reg = "/^('s*?)select's*?.*?'s*?from(['s]|[^;]|(['"].*;.*['"]))*?;'s*?$/i";
适用于SQL select查询示例:http://www.phpliveregex.com/p/6nP.
它还检查正在运行的唯一SQL查询是选择查询,因此它应该只验证它们。它的做法是确保只有一个;除非;
select * from users where id=1 AND name= 'Pra;bhu';
但这不会。
select * from users where id=1 AND name= 'Prabhu'; drop table;
和不检查;在字符串中,如果它在其中,将失败:
$reg = "/^('s*?)select's*?.*?'s*?from(['s]|[^;])*?;'s*?$/i"