[英]Jquery Regular Expressions
I would like to search for a particular pattern in my SQL , so that it starts only with SELECT and not with INSERT , UPDATE , DELETE. 我想在我的SQL中搜索一个特定的模式,这样它只能用SELECT启动而不能用INSERT,UPDATE,DELETE启动。
How can i achieve this using JQuery , I would like to use JQuery to do a case insensitive matching of the string. 我如何使用JQuery实现这一点,我想使用JQuery对字符串进行不区分大小写的匹配。
EDIT 编辑
I would also like to consider subqueries also. 我也想考虑子查询。
Therefore my requirement is that the query should not contain any INSERT , UPDATE , DELETE statements anywhere. 因此我的要求是查询不应在任何地方包含任何INSERT,UPDATE,DELETE语句。 It should contain only SELECT statments 它应该只包含SELECT语句
You could use something like the following: 您可以使用以下内容:
function isSelect(str) {
return /^select/i.test(str) && !/insert|update|delete.*/.test(str);
}
isSelect("select * from foo"); // true
isSelect("SELECT id, name from foo"); // true
isSelect("update ..."); // false
isSelect("DELETE ..."); // false
I'll use a whitelist for that, rather than a blacklist: 我将使用白名单,而不是黑名单:
function isValidQuery(str) {
return /^select\s+([a-z_*]+,?)+\s+from\s+[a-z_]+$/i.test(str);
}
This only matches queries of the form SELECT field, [field, ...] FROM table
. 这仅匹配SELECT field, [field, ...] FROM table
。 This can also be extended to allow certain kinds of WHERE
or GROUP BY
specifiers. 这也可以扩展为允许某些类型的WHERE
或GROUP BY
说明符。 If this isn't enough, you could also use a much stricter blacklist: 如果这还不够,您还可以使用更严格的黑名单:
function isValidQuery(str) {
if (/delete|update|insert|truncate|create|drop/i.test(str)) return false;
// possibly more excluding rules...
return true;
}
If you want to protect your data with this, I certainly wouldn't rely on the second method, as it can probably be circumvented (you forgot a dangerous command, SQL smuggling, ...) A much better approach would be to create a dedicated database user that only has read access to the tables you want to be available via this interface. 如果你想用此来保护您的数据,我肯定不会依靠第二种方法,因为它大概可以规避(你忘了危险的命令,SQL走私,...), 更好的方法是创建一个专用数据库用户,只对您希望通过此界面提供的表具有读访问权限。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.