Detect malicious code in a SQL statement in PHP
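/**
 * Heuristic check for a stacked statement inside a SQL string.
 *
 * Looks for a statement terminator (`;`) followed by a second statement
 * keyword. This only recognises that one pattern: it is not a SQL parser and
 * it is not a substitute for parameterised queries (PDO prepared statements),
 * which are the real control against injection. Use it at most as a
 * logging/detection signal, never as the sole gate before executing a query.
 *
 * @param string $sql the SQL text to inspect
 * @return bool true when a `;`-separated follow-on statement keyword is present
 * @throws RuntimeException when the PCRE engine fails (e.g. backtrack limit)
 */
function detectMalice(string $sql): bool
{
    // The original pattern was case-sensitive, so "; drop t" was reported
    // as GOOD while "; DROP t" was flagged; the 'i' modifier closes that gap.
    $found = preg_match(
        '/;\s*(ALTER|CREATE|DELETE|DROP|EXEC|INSERT|MERGE|SELECT|UPDATE)/i',
        $sql,
    );
    if ($found === false) {
        // A PCRE failure must not be silently treated as "no match found".
        throw new RuntimeException('preg_match failed: ' . preg_last_error_msg());
    }
    return $found === 1;
}

/**
 * Prints the verdict for one SQL string ("MALICIOUS" or "GOOD"), then the string.
 *
 * @param string $sql the SQL text to classify and echo
 */
function test(string $sql): void
{
    echo detectMalice($sql) ? 'MALICIOUS' : 'GOOD';
    echo ": $sql ";
}

test("SELECT * FROM mytable");
test("SELECT * FROM mytable;");
test("SELECT * FROM mytable;DELETE FROM mytable");
test("SELECT * FROM mytable; DROP mytable");
test("SELECT * FROM mytable; DROP mytable");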