Title |
SQL Injection
|
Expression |
(=)|(<)|(>)|(')|(--)|(/)|(\+)|(;)|(\*)|(!)|({)|(})|(drop table)|(drop stored)|(alter table)|(alter stored)|(sp_)|(xp_)|(exec )|(execute )|(fetch)|(select)|(kill)|(selectsys)|(sysobjects)|(syscolumns)|(isnull)|(coalesce)|(dbo)|(tbl)|(usp) |
Description |
Prevents the use of any text that could be executed on the database. It restricts much of what the text may contain, but is safer than leaving everything to the framework. |
Matches |
example' OR 1=1, drop all the walls and drop table |
Non-Matches |
this is an example regex |
Author |
Roberto
|
Title: Doesn't work in Java
Name: TGH
Date: 1/28/2020 5:24:00 PM
Comment:
You will have to escape the '{' and '}' to get Java regex to handle this expression. Otherwise it seems to work pretty well for blacklisting questionable query input.
Title: Good
Name: JB
Date: 10/25/2017 11:56:05 AM
Comment:
This covers everything that I would expect to see in a standard SQL injection statement and doesn't place too much restriction on general user passwords.
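
An added example, not part of the original entry or written by its author: it runs the expression above, as written and case-sensitive, over the page's own Matches and Non-Matches plus a few constructed inputs to show which legitimate text it rejects, next to a bound-parameter insert that stores the same text safely. The function names, the SQLite table and the extra sample strings are assumptions made for illustration.

```python
import re
import sqlite3

# The page's expression, verbatim. Python's re treats a lone '{' or '}' as a
# literal; per the comment on the page, Java needs them escaped.
PATTERN = re.compile(
    r"(=)|(<)|(>)|(')|(--)|(/)|(\+)|(;)|(\*)|(!)|({)|(})"
    r"|(drop table)|(drop stored)|(alter table)|(alter stored)"
    r"|(sp_)|(xp_)|(exec )|(execute )|(fetch)|(select)|(kill)"
    r"|(selectsys)|(sysobjects)|(syscolumns)|(isnull)|(coalesce)"
    r"|(dbo)|(tbl)|(usp)"
)

def first_hit(text):
    """Return the first blacklisted token found in text, or None if clean."""
    m = PATTERN.search(text)
    return m.group(0) if m else None

def open_db():
    """In-memory SQLite database with a hypothetical one-column table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people(name TEXT)")
    return conn

def store_name(conn, name):
    """Insert and read back using bound parameters, so the value is never
    spliced into the SQL text and needs no character blacklist."""
    conn.execute("INSERT INTO people(name) VALUES (?)", (name,))
    row = conn.execute("SELECT name FROM people WHERE name = ?", (name,))
    return row.fetchone()[0]

SAMPLES = [
    "example' OR 1=1",                    # from the page: Matches
    "drop all the walls and drop table",  # from the page: Matches
    "this is an example regex",           # from the page: Non-Matches
    "O'Brien",                            # constructed: ordinary surname
    "please select a colour",             # constructed: ordinary sentence
    "skills/training",                    # constructed: 'kill' inside a word
    "P@ssw0rd!",                          # constructed: password with '!'
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:40} rejected by: {first_hit(s)!r}")
    print("stored via bound parameter:", store_name(open_db(), "O'Brien"))
```
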