Validating SQL

[ryanh_106]

Hi, sorry if this is a noddy question but I am pretty new to reg exps

I want to check that an SQL statement is of the form
INSERT INTO table (cols) VALUES (values)
and not
INSERT INTO table (cols) VALUES (values), (morevalues), (moreagain)

i.e. Only one set of values is being used (nobody has injected an extra row in there)

but when I imagine how the regexp would look i can only imagine something like (.*) which could still be "(x), (y), (z)"

How does this work?
Cheers
Ryan

[ToonMariner]

you should not be allowing users to inject mysql!

any data you process from a form should be checked to see if they are trying to inject - using mysql_escape_string or mysql_escape_real_string are what you need.

[ryanh_106]

:-[ ???

Where did I say I wanted to let them inject SQL??? That would just be stupid, I am trying to check they ARENT injecting.

I was interested to know how this could be checked using reg exps (aswell as the mysql functions)

[ToonMariner]

Where did I say you were wanting them to insetr mysql? I sadi you shoudl not let them - by that I mean your code shoudl be such that youare protected against injection....

So I will accept your apology before you offer it  ;)

There is no point in reasearching what regex you will need to perform thsi task - it will be less efficient and less effective than the already availbe, built for purpose functions.