开发者

Regex question - searching a: specific pattern without quotes

问答 作者:

I开发者_如何转开发 have a MYSQL class, which I'd like to make safe against SQL injection, so I thought of a checking algorithm. For example:

query("SELECT * FROM xyz WHERE id = @1 AND name = '@2' AND pwd = '@3' AND somenumber = @4", param1, param2, param3, param4)

This regex expression must match @1 and @4, so the first, and 4th argument should be integer.

I tried this:

[^'"]@\d+[^'"]

But it doesnt match: 

@1,@4,@5

What could be the right expression?

Thank you in advance.

If you want @123 but not "@123", use

(?<!["'])@\d+(?!['"])

What your regex does:

  • [^'"] matches one « anything but the string '" »
  • @\d+ matches one at sign and as much numbers as possible
  • [^'"] matches another « anything but the string '" »

Therefore it would match d@12), @@0@, k@09. ...

继续阅读:regex

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9