How can I use PHP preg_match for a string to check if it contains any sql? Not for preventing SQL injection but just to tell if it contains a sql statement
Checking a string for SQL is not worth your time or resources for that matter. If the goal is to prevent injection you should use PDO .
$stmt = $pdo->prepare('SELECT * FROM employees WHERE name = :name');
$stmt->execute(array('name' => $name));
foreach ($stmt as $row) {
// do something with $row
}
Reference material: How can I prevent SQL injection in PHP?
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.