Question

I have a text box in a project where the user can write database queries, but I need to prevent statements like DELETE, DROP or use of comments (/* */, --) or semicolon ;.

I'm using the following RegExp to check the query. It must match only valid statements.

/^(?!.*\-\-)(?!.*\/\*)(?!.*\*\/)(?!.*;)(?!.*CREATE)(?!.*DROP)(?!.*ALTER)(?!.*UPDATE)(?!.*DELETE).*$/

The RegExp is working fine, but it's also not matching line breaks and carriage returns (\n, \r), which should be permitted.

How can I update the RegExp to allow \n and \r?


Solution

@FabSa gave me the answer.

The trick is just to set the PCRE_DOTALL flag, as I'm using PHP preg_match(). This makes the dot (.) metacharacter match all characters, including newline (\n).

So, the final regex is as follows:

/^(?!.*\-\-)(?!.*\/\*)(?!.*\*\/)(?!.*;)(?!.*CREATE)(?!.*DROP)(?!.*ALTER)(?!.*UPDATE)(?!.*DELETE).*$/s
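
The effect of the modifier on the posted pattern, as an added example that is not part of the original question or answer. The sample queries are constructed, and the `/si` variant is an assumption added here to show that the posted pattern is case-sensitive.

```php
<?php
// Added example, not from the original post. Sample queries are constructed.

// Pattern body exactly as posted; only the trailing modifiers differ.
$body = '^(?!.*\-\-)(?!.*\/\*)(?!.*\*\/)(?!.*;)(?!.*CREATE)(?!.*DROP)'
      . '(?!.*ALTER)(?!.*UPDATE)(?!.*DELETE).*$';

$patterns = [
    'question' => "/{$body}/",   // no modifier: "." stops at \n
    'answer'   => "/{$body}/s",  // PCRE_DOTALL: "." also matches \n
    'assumed'  => "/{$body}/si", // assumption: PCRE_CASELESS added as well
];

$queries = [
    "SELECT id FROM users",           // single line
    "SELECT id\nFROM users",          // LF line break
    "SELECT id\r\nFROM users",        // CRLF line break
    "SELECT 1\nDROP TABLE users",     // blocked keyword on the second line
    "select 1\ndrop table users",     // same keyword in lower case
    "SELECT UPDATED_AT FROM orders",  // column name that contains a keyword
];

// Run one query through every pattern and report the decision per pattern.
function verdicts(string $query, array $patterns): array
{
    $out = [];
    foreach ($patterns as $name => $regex) {
        // preg_match() returns 1 on a match, 0 on none, false on error;
        // anything other than 1 is treated as a rejection.
        $out[$name] = preg_match($regex, $query) === 1 ? 'allow' : 'reject';
    }
    return $out;
}

foreach ($queries as $q) {
    $v = verdicts($q, $patterns);
    // json_encode() makes the \r and \n in each sample visible.
    printf("%-36s question=%-6s answer=%-6s assumed=%s\n",
        json_encode($q), $v['question'], $v['answer'], $v['assumed']);
}
```

A keyword denylist like this works best as a courtesy check in front of the real control, which is running the queries under a database account that only has read privileges.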
Licensed under: CC-BY-SA with attribution