Since SQL injections generally contain = or ;, they basically fall into 2 groups, "Always true" or "Batched SQL Statements".
I suggest you use a regex that captures one of the above characters in the input, and then either handle it or raise an error and do not complete the transaction to the DB. Since the regex flavour or development language was not mentioned, I will use the most common flavour, the one used by PHP.
(.*?[=|;].*)
Explanation:
() defines what will be captured
.*? means that any character other than line breaks will be captured until the limit is reached.
[=|;] is the limit where the .*? must stop; it sets a condition for the capture: all those characters are captured only if there is = OR (|) ;
.* means that once the required match (= or ;) is found, it will capture all characters to the end of the line.
This should help you. If the regex flavour is different, edit your question and I will edit the regex to better serve you.
You can test the regex I told you about here
Regular expression to handle SQL injection? Isn't it better to use some ready-made resource that handles this using parameters in queries? In fact, what is the language?
– Jéf Bueno
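An added example, not part of the answer or the comment above: it runs the answer's regex next to the parameterized query the comment asks about, so both can be compared on the same inputs. Python with the standard sqlite3 module is an assumption (the question names no language), and the function names, table and sample inputs are constructed for illustration.

```python
import re
import sqlite3

# Pattern from the answer above, unchanged. Inside [...] the "|" is a literal
# character, so the class matches "=", "|" or ";".
ANSWER_REGEX = re.compile(r"(.*?[=|;].*)")

def regex_rejects(value: str) -> bool:
    """True when the answer's filter would refuse the input."""
    return ANSWER_REGEX.search(value) is not None

def make_db() -> sqlite3.Connection:
    """In-memory table with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, note TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "x=1; y=2"), ("bob", "plain")])
    return db

def find_concat(db: sqlite3.Connection, name: str) -> list:
    """Vulnerable form: the input is pasted into the SQL text."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_param(db: sqlite3.Connection, name: str) -> list:
    """Parameterized form: the input is bound as data, never parsed as SQL."""
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()

# Constructed inputs.
LEGIT = "x=1; y=2"              # harmless text that the filter refuses
TAUTOLOGY = "' OR 'a' LIKE 'a"  # always-true input containing no "=" or ";"

if __name__ == "__main__":
    db = make_db()
    print("filter rejects legit text:", regex_rejects(LEGIT))
    print("filter rejects tautology: ", regex_rejects(TAUTOLOGY))
    print("concatenated query rows:  ", find_concat(db, TAUTOLOGY))
    print("parameterized query rows: ", find_param(db, TAUTOLOGY))
```

The filter refuses the harmless note and lets the always-true input through, while the bound parameter returns no rows for it because the whole string is compared as a name.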