开发者

Regex question - searching a: specific pattern without quotes

开发者 https://www.devze.com 2023-03-06 08:38 出处:网络
I开发者_如何转开发 have a MYSQL class, which I\'d like to make safe against SQL injection, so I thought of a checking algorithm. For example:

I开发者_如何转开发 have a MYSQL class, which I'd like to make safe against SQL injection, so I thought of a checking algorithm. For example:

query("SELECT * FROM xyz WHERE id = @1 AND name = '@2' AND pwd = '@3' AND somenumber = @4", param1, param2, param3, param4) 

This regex expression must match @1 and @4, so the first, and 4th argument should be integer.

I tried this:

[^'"]@\d+[^'"]

But it doesnt match:

@1,@4,@5

What could be the right expression?

Thank you in advance.


If you want @123 but not "@123", use

(?<!["'])@\d+(?!['"])

What your regex does:

  • [^'"] matches one « anything but the string '" »
  • @\d+ matches one at sign and as much numbers as possible
  • [^'"] matches another « anything but the string '" »

Therefore it would match d@12), @@0@, k@09. ...

0

精彩评论

暂无评论...
验证码 换一张
取 消