如何使用正則表達式檢查行包含內聯sql語句？

Question

我正在研究使用JavaScript幾乎完成的代碼檢查功能。 我想檢查php代碼文件是否包含內聯sql語句。 使用javascript如何做到這一點。

Answer 1

在下面嘗試這些表達式

 // 1st expression (simplest)
^(SELECT|INSERT\sINTO\s|DELETE|UPDATE).+;?$/gi

//2nd expression (a better one)
^(?=(SELECT|INSERT|DELETE|UPDATE)+).*(?=(FROM|SET|INTO)+).*(WHERE|ORDER\sBy|LIMIT)?;?$

//3rd expression (even better)
(?=(SELECT|INSERT|DELETE|UPDATE)+).*(?=(FROM|SET|INTO)+).*(WHERE|ORDER\sBy|LIMIT)?;? 

---

// Strings tested so far using third expression (no fails so far)

SELECT password FROM users WHERE 1
I'd like to select all my best books
WHERE are you?
UPDATE users SET password = "hacked"
We were in group of three
SELECT all elements of something
I'm FROM / from someland
DELETE * FROM users WHERE
I do love regex
SELECT * FROM users WHERE 1;
SELECT password FROM users WHERE 1 LIMIT 1
Insert a freaking coin into machine
INSERT INTO users VALUES
DELETE * FROM users;
DELETE password FROM users LIKE 'admin'
UPDATE users SET password = '' 
OMG!
SELECT Chuck Norris for a president
UPDATE Brian SET tolerance = 'higher'    <--- though, a proper SQL ;)
SELECT * FROM users
Let's check this SELECT user FROM users; whatever
SELECT user FROM users
SELECT user, password FROM users
SELECT * FROM users WHERE user LIKE 'admin'
SELECT * FROM users WHERE user = 'admin'
SELECT user FROM users WHERE password = '' ORDER BY user;
DELETE * FROM users
DELETE FROM users
DELETE FROM users WHERE user = "admin";
UPDATE users SET password = '';
UPDATE users SET username = 'hohoho' AND password = '';
INSERT INTO users VALUES ('santa', 'hohoho');
INSERT INTO users (username, password) VALUES ('santa', 'hohoho');

用法：

pattern = /(?=(SELECT|INSERT|DELETE|UPDATE)+).*(?=(FROM|SET|INTO)+).*(WHERE|ORDER\sBy|LIMIT)?;?/gi;
pattern.test('SELECT user, password FROM users'); // true

正在進行測試... :)正則表達式小提琴