[英]Regex question - searching a: specific pattern without quotes
I have a MYSQL class, which I'd like to make safe against SQL injection, so I thought of a checking algorithm. 我有一个MYSQL类,我想使它对SQL注入安全,因此我想到了一种检查算法。 For example: 例如:
query("SELECT * FROM xyz WHERE id = @1 AND name = '@2' AND pwd = '@3' AND somenumber = @4", param1, param2, param3, param4)
This regex expression must match @1 and @4, so the first, and 4th argument should be integer. 此正则表达式表达式必须与@ 1和@ 4匹配,因此第一个和第4个参数应为整数。
I tried this: 我尝试了这个:
[^'"]@\d+[^'"]
But it doesnt match: 但这不匹配:
@1,@4,@5
What could be the right expression? 正确的表达方式是什么?
Thank you in advance. 先感谢您。
If you want @123 but not "@123", use 如果要@ 123而不是“ @ 123”,请使用
(?<!["'])@\d+(?!['"])
What your regex does: 您的正则表达式做什么:
[^'"]
matches one « anything but the string '" » [^'"]
匹配一个«,但不匹配字符串'”» @\\d+
matches one at sign and as much numbers as possible @\\d+
匹配一个符号和尽可能多的数字 [^'"]
matches another « anything but the string '" » [^'"]
与另一个«匹配,除了字符串'”» Therefore it would match d@12), @@0@, k@09. 因此它将匹配d @ 12),@@ 0 @,k @ 09。 ... ...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.