Query Checking

seandisanti
php-forum Fan User
Posts: 973
Joined: Mon Oct 01, 2012 12:32 pm

Re: Query Checking

Post by seandisanti » Wed Mar 20, 2013 8:30 am

1. You should know what kind of query is being run; you should not ever be arbitrarily running whatever kind of query is being passed.

2. Even if you explode on SQL keywords, that does not guarantee that you'll correctly identify the intent of the query. SQL allows subqueries, unions, etc., all of which allow the writer of a query to pass multiple directives within the same query. (See #1.)

johnj
php-forum Super User
Posts: 1803
Joined: Thu Mar 10, 2011 5:07 pm

Re: Query Checking

Post by johnj » Thu Mar 21, 2013 10:49 pm

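Code:

$sql = "Select from myTable";
// Split on spaces; the first token is the leading SQL keyword.
$temp = explode(" ", $sql);
if (count($temp) > 0)
{
    if ($temp[0] == 'Select' || $temp[0] == 'SELECT' || $temp[0] == 'select')
    {
        // handle a SELECT query here
    }
    else
    {
        // checks for other leading keywords go here
    }
}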
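Added example, not part of either post above: it runs the first-keyword check from the thread over a few constructed queries to show what point 2 describes, then shows one way to follow point 1 by letting the application define its queries and bind values. The function names, the QUERIES constant, the table and the data are hypothetical, and the pdo_sqlite extension is assumed.

```php
<?php
// Added example; function, table and query names are hypothetical.

// The first-keyword check discussed in the thread, wrapped in a function.
function firstKeyword(string $sql): string
{
    $temp = explode(" ", trim($sql));
    return strtoupper($temp[0]);
}

// Constructed sample queries. All begin with SELECT, yet the first token
// says nothing about the UNION, the subquery, or a newline after the keyword.
$samples = [
    "SELECT name FROM users WHERE id = 1",
    "SELECT name FROM users UNION SELECT secret FROM admins",
    "SELECT name FROM users WHERE id IN (SELECT user_id FROM sessions)",
    "select\nname FROM users",
];
foreach ($samples as $sql) {
    printf("%s <= %s\n", json_encode(firstKeyword($sql)), json_encode($sql));
}

// Point 1 of the first reply: the application defines which queries exist.
// Callers choose one by name and supply values only, never SQL text.
const QUERIES = [
    'user_by_id' => 'SELECT name FROM users WHERE id = :id',
];

function runNamedQuery(PDO $pdo, string $name, array $params): array
{
    if (!array_key_exists($name, QUERIES)) {
        throw new InvalidArgumentException("Unknown query: $name");
    }
    $stmt = $pdo->prepare(QUERIES[$name]);
    $stmt->execute($params);   // values are bound as data, not parsed as SQL
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// In-memory SQLite database with constructed data (requires pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice')");

var_dump(runNamedQuery($pdo, 'user_by_id', [':id' => 1]));
var_dump(runNamedQuery($pdo, 'user_by_id', [':id' => '1 UNION SELECT name FROM users']));
```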
