我正在研究使用javascript几乎完成的代码检查功能。我想检查PHP代码文件,如果它们包含内联sql语句。如何使用javascript实现这一点。
答案 0 :(得分:-1)
尝试下面的这些表达
// 1st expression (simplest)
^(SELECT|INSERT\sINTO\s|DELETE|UPDATE).+;?$/gi
//2nd expression (a better one)
^(?=(SELECT|INSERT|DELETE|UPDATE)+).*(?=(FROM|SET|INTO)+).*(WHERE|ORDER\sBy|LIMIT)?;?$
//3rd expression (even better)
(?=(SELECT|INSERT|DELETE|UPDATE)+).*(?=(FROM|SET|INTO)+).*(WHERE|ORDER\sBy|LIMIT)?;?
// Strings tested so far using third expression (no fails so far)
SELECT password FROM users WHERE 1
I'd like to select all my best books
WHERE are you?
UPDATE users SET password = "hacked"
We were in group of three
SELECT all elements of something
I'm FROM / from someland
DELETE * FROM users WHERE
I do love regex
SELECT * FROM users WHERE 1;
SELECT password FROM users WHERE 1 LIMIT 1
Insert a freaking coin into machine
INSERT INTO users VALUES
DELETE * FROM users;
DELETE password FROM users LIKE 'admin'
UPDATE users SET password = ''
OMG!
SELECT Chuck Norris for a president
UPDATE Brian SET tolerance = 'higher' <--- though, a proper SQL ;)
SELECT * FROM users
Let's check this SELECT user FROM users; whatever
SELECT user FROM users
SELECT user, password FROM users
SELECT * FROM users WHERE user LIKE 'admin'
SELECT * FROM users WHERE user = 'admin'
SELECT user FROM users WHERE password = '' ORDER BY user;
DELETE * FROM users
DELETE FROM users
DELETE FROM users WHERE user = "admin";
UPDATE users SET password = '';
UPDATE users SET username = 'hohoho' AND password = '';
INSERT INTO users VALUES ('santa', 'hohoho');
INSERT INTO users (username, password) VALUES ('santa', 'hohoho');
用法:
pattern = /(?=(SELECT|INSERT|DELETE|UPDATE)+).*(?=(FROM|SET|INTO)+).*(WHERE|ORDER\sBy|LIMIT)?;?/gi;
pattern.test('SELECT user, password FROM users'); // true
正在测试...... :) Regex Fiddle