Query Checking

seandisanti
php-forum Fan User
Posts: 973
Joined: Mon Oct 01, 2012 12:32 pm

Wed Mar 20, 2013 8:30 am

1. You should know what kind of query is being run; you should not ever be arbitrarily running whatever kind of query is being passed.

2. Even if you explode on SQL keywords, that does not guarantee that you'll correctly identify the intent of the query. SQL allows subqueries, unions, etc. that all allow the writer of a query to pass multiple directives within the same query. (See #1.)

johnj
php-forum Super User
Posts: 1803
Joined: Thu Mar 10, 2011 5:07 pm

Thu Mar 21, 2013 10:49 pm

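Code:

<?php
$sql = "Select from myTable";
// Split on spaces; the first token is treated as the statement keyword
$temp = explode(" ", $sql);
if (count($temp) > 0)
{
    // Case-insensitive match covers 'Select', 'SELECT' and 'select'
    if (strcasecmp($temp[0], 'SELECT') == 0)
    {
        // SELECT handling goes here
    }
    // Other statement types are handled the same way (INSERT shown as an example)
    elseif (strcasecmp($temp[0], 'INSERT') == 0)
    {
    }
}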
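
Added example, not part of either post above: it shows the two numbered points side by side, first that a first-keyword check labels a UNION or subquery as a plain SELECT, then the alternative of running only queries the application already knows by name. The table names, query names, sample strings and the in-memory SQLite database (requires the pdo_sqlite extension) are constructed for illustration.

```php
<?php
// Added example: table names, query names and sample strings are constructed.

// The first-token check from the thread, reduced to a function.
function firstKeyword(string $sql): string
{
    $temp = explode(" ", ltrim($sql));
    return strtoupper($temp[0]);
}

// Point 2: all of these classify as SELECT, yet two of them read a second table.
$samples = [
    "SELECT name FROM products",
    "SELECT name FROM products UNION SELECT email FROM users",
    "SELECT name FROM products WHERE id IN (SELECT id FROM users)",
];
foreach ($samples as $sql) {
    printf("%-6s <- %s\n", firstKeyword($sql), $sql);
}

// Point 1: the application decides which queries exist; callers pick a name
// and supply values only. SQL text never comes from the caller.
const QUERIES = [
    'product_by_id'    => 'SELECT name FROM products WHERE id = :id',
    'products_by_name' => 'SELECT id, name FROM products WHERE name LIKE :name',
];

function runNamedQuery(PDO $db, string $name, array $params): array
{
    if (!array_key_exists($name, QUERIES)) {
        throw new InvalidArgumentException("Unknown query: $name");
    }
    $stmt = $db->prepare(QUERIES[$name]);   // fixed SQL, known in advance
    $stmt->execute($params);                // values are bound, not concatenated
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed in-memory database so the example runs offline (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO products (name) VALUES ('widget'), ('gadget')");

print_r(runNamedQuery($db, 'product_by_id', [':id' => 1]));
try {
    runNamedQuery($db, 'SELECT name FROM products', []);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";   // raw SQL is not a valid query name
}
```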
