I’d like to write a static code analysis tool for finding SQLi vulnerabilities in

Question

0

Asked: May 23, 20262026-05-23T22:05:48+00:00 2026-05-23T22:05:48+00:00

I’d like to write a static code analysis tool for finding SQLi vulnerabilities in

0

I’d like to write a static code analysis tool for finding SQLi vulnerabilities in PHP code. Usually, I just use a script to separate functions, and grep them for inadequate sanitisation. Obviously this approach is limited.

The outline of the program I want to write is:

Find all calls to mysql_query
Find all references to the functions that call mysql_query
Track all variables that go into each query call, and find out if mysql_real_escape_string is run on them.

I’m caught between two approaches to writing this. Either I go for a PHP extension, or write it as a standalone from scratch.

The advantages of using a PHP extension is that I wouldn’t have to make my own tokenizer, parser etc (I presume, basing this on the capabilities of the XDebug extension).

Does anyone with experience in writing PHP extensions have any advice on how to approach the problem?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-23T22:05:49+00:00

Editorial Team

2026-05-23T22:05:49+00:00Added an answer on May 23, 2026 at 10:05 pm

I suggest looking at the RIPS Scanner project and review its source code for ideas. It performs exactly the functions you wish to do.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’d like to write a static code analysis tool for finding SQLi vulnerabilities in

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply