Home/ Questions/Q 8359007
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-09T11:00:01+00:00

I working on a method to get all values based on a SQL query

  • 0

I working on a method to get all values based on a SQL query and then scape them in php.

The idea is to get the programmer who is careless about security when is doing a SQL query.

So when I try to execute this:

INSERT INTO tabla (a, b,c,d) VALUES ('a','b','c',a,b)

The regex needs to capture 'a' 'b' 'c' a and b

I was working on this a couple of days.

This was as far I can get with 2 regex querys, but I want to know if there is a better way to do:

VALUES ?\((([\w'"]+).+?)\)

Based on the previous SQL this will match:

VALUES ('a','b','c',a,b)

The second regex

['"]?(\w)['"]?

Will match

a b c a b

Previously removing VALUES, of course.

This way will match a lot of the values I gonna insert.

But doesn’t work with JSON for example.

{a:b, "asd":"ads" ....}

Any help with this?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    First, I think you should know that SQL support many types of single/double quoted string:
    'Northwind\'s category name'
    'Northwind''s category name'
    "Northwind \"category\" name"
    "Northwind ""category"" name"
    "Northwind category's name"
    'Northwind "category" name'
    'Northwind \\ category name'
    'Northwind \ncategory \nname'

    to match them, try with these patterns:
    "[^\\"]*(?:(?:\\.|"")[^\\"]*)*"
    '[^\\']*(?:(?:\\.|'')[^\\']*)*'

    combine patterns together:

    VALUES\s*\(\s*(?:"[^\\"]*(?:(?:\\.|"")[^\\"]*)*"|'[^\\']*(?:(?:\\.|'')[^\\']*)*'|\w+)(?:\s*,\s*(?:"[^\\"]*(?:(?:\\.|"")[^\\"]*)*"|'[^\\']*(?:(?:\\.|'')[^\\']*)*'|\w+))*\)

    PHP5.4.5 sample code:

        <?php
$pat = '/\bVALUES\s*\((\s*(?:"[^\\"]*(?:(?:\\.|"")[^\\"]*)*"|\'[^\\\']*(?:(?:\\.|\'\')[^\\\']*)*\'|\w+)(?:\s*,\s*(?:"[^\\"]*(?:(?:\\.|"")[^\\"]*)*"|\'[^\\\']*(?:(?:\\.|\'\')[^\\\']*)*\'|\w+))*)\)/';
$sql_sample1 = "INSERT INTO tabla (a, b,c,d) VALUES ('a','b','c',a,b)";
if( preg_match($pat, $sql_sample1, $matches) > 0){
    printf("%s\n", $matches[0]);
    printf("%s\n\n", $matches[1]);    
}

$sql_sample2 = 'INSERT INTO tabla (a, b,c,d) VALUES (\'a\',\'{a:b, "asd":"ads"}\',\'c\',a,b)';
if( preg_match($pat, $sql_sample2, $matches) > 0){
    printf("%s\n", $matches[0]);
    printf("%s\n", $matches[1]);    
}

?>

    output:

    VALUES ('a','b','c',a,b)
'a','b','c',a,b

VALUES ('a','{a:b, "asd":"ads"}','c',a,b)
'a','{a:b, "asd":"ads"}','c',a,b

    If you need to get each value from result, split by , (like parsing CSV)

    I hope this will help you 🙂

    • 0