<?
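/**
 * Heuristically flag SQL text that appears to carry a second, stacked statement.
 *
 * The pattern looks for a semicolon, optional whitespace (newlines included), and
 * then one of a fixed list of statement keywords. Keywords are matched
 * case-insensitively because SQL keywords are not case-sensitive. The keyword is
 * matched as a prefix, so "EXEC" also covers "EXECUTE".
 *
 * This is a detection aid only (logging, alerting, triage). A keyword pattern
 * cannot recognise every way a statement can be written, and it will also flag
 * harmless text that happens to contain "; select". It must not be the control
 * that keeps untrusted input out of a query: use prepared statements with bound
 * parameters and a least-privilege database account for that.
 *
 * @param string $sql SQL text to inspect.
 * @return int 1 when the pattern matches or the regex engine reports an error, 0 otherwise.
 */
function detectMalice($sql) {
    $hit = preg_match('/;\s*(ALTER|CREATE|DELETE|DROP|EXEC|INSERT|MERGE|SELECT|UPDATE)/i', $sql);

    // preg_match() returns false on an engine error. Fail closed so an input the
    // engine could not evaluate is reported rather than silently treated as clean.
    return $hit === false ? 1 : $hit;
}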
 
/**
 * Print the detectMalice() verdict for one SQL string, followed by the string itself.
 *
 * Output has the form "MALICIOUS: <sql>" or "GOOD: <sql>", terminated by a newline.
 *
 * NOTE(review): $sql is echoed verbatim. That suits plain-text/CLI output; if this
 * were rendered in an HTML page the value would need escaping for that context.
 *
 * @param string $sql SQL text to classify and print.
 * @return void
 */
function test($sql) {
    $verdict = detectMalice($sql) ? "MALICIOUS" : "GOOD";
    echo $verdict;
    // The string literal below ends with an embedded line break on purpose.
    echo ": $sql
";
}
 
// Demo inputs, run in order through test(). With the pattern in detectMalice():
//   1. single statement, no semicolon            -> GOOD
//   2. single statement with a trailing ";"      -> GOOD (no keyword follows it)
//   3. ";" immediately followed by DELETE        -> MALICIOUS
//   4. ";" then spaces, then DROP                -> MALICIOUS
//   5. ";" then spaces and a line break, DROP    -> MALICIOUS (\s also matches newlines)
array_map('test', array(
    "SELECT * FROM mytable",
    "SELECT * FROM mytable;",
    "SELECT * FROM mytable;DELETE FROM mytable",
    "SELECT * FROM mytable;    DROP mytable",
    "SELECT * FROM mytable;    
    DROP mytable",
));
?>