| Title | Pattern Title |

| Expression | (script)|(<)|(>)|(%3c)|(%3e)|(SELECT) |(UPDATE) |(INSERT) |(DELETE)|(GRANT) |(REVOKE)|(UNION)|(&lt;)|(&gt;) |

| Description | This Blacklist RegEx is designed to search a user input for any malicious code or SQL injection attempts. |

| Matches | http://www.domain.com/page.asp?param=</script> | https://www.domain.com/page.asp?param=;SELECT |

| Non-Matches | https://www.domain.com/page.asp?param=RealParam |

| Author | Shahar Bracha |
        
    
 
    
    
     
        
                
                
                
            
                
	                Title: Getting Errors need help
	                Name: Anand
	                Date: 8/4/2014 11:30:39 AM
	                Comment: 
Hello Everyone,
this is the expression I am using:
[RegularExpression(@"^((?!(script)|(<)|(>)|(%3c)|(%3e)|(SELECT)|(UPDATE)|(INSERT)|(DELETE)|(GRANT)|(REVOKE)|(<)|(>)).*)$", ErrorMessage = "Error")]

If I enter SELECT, UPDATE and >, <, etc., this is validated well. But I want to make it case insensitive. I tried adding /i at the end, but it didn't work out for me. Any help would be appreciated.
                
                
            
                
	                Title: The word description should not match
	                Name: Carl
	                Date: 5/25/2007 5:09:12 PM
	                Comment: 
The word description is a match since it contains "script". Ouch
                
                
            
                
	                Title: may return rows not matching search text
	                Name: Aamir
	                Date: 5/3/2007 12:36:33 PM
	                Comment: 
This regexp is or may be good to prevent the data from being modified or deleted, but there is no provision to prevent all the rows from being returned if they match the following text. 
' OR 1=1 --
However, the above exploit will not work if search column values are supplied as parameters to stored procs and not as concatenated strings.
                
                
            
                
	                Title: What about...
	                Name: Phil
	                Date: 3/19/2007 1:53:35 PM
	                Comment: 
What about TRUNCATE?
                
                
            
                
	                Title: Ok found the problem
	                Name: Chris
	                Date: 9/9/2005 11:29:38 AM
	                Comment: 
You must be sure to remove the spaces after 
(SELECT) |
Should be:
(SELECT)|
                
                
            
                
	                Title: Not working
	                Name: Chris
	                Date: 9/9/2005 11:25:27 AM
	                Comment: 
If I run the Test with:
https://www.domain.com/page.asp?param=;SELECT
It returns NO matches.
                
                
            
                
	                Title: Case sensitive ???
	                Name: Daniel
	                Date: 9/8/2005 1:24:10 PM
	                Comment: 
What about
http://www.domain.com/page.asp?param=</script>|||https://www.domain.com/page.asp?param=;select
SQL is not case sensitive
Just add "/i" at the end:
correct exp: (script)|(<)|(>)|(%3c)|(%3e)|(SELECT) |(UPDATE) |(INSERT) |(DELETE) |(GRANT) |(REVOKE)|(<) |(>)/i
                
                
            
                
	                Title: Typo fixed...
	                Name: Shahar
	                Date: 2/8/2005 8:18:44 AM
	                Comment: 
Thanks !
                
                
            
                
	                Title: typo correction
	                Name: Corey
	                Date: 2/7/2005 12:05:33 PM
	                Comment: 
There is a typo in the above script... (GRENT) should be (GRANT)
correct exp: (script)|(<)|(>)|(%3c)|(%3e)|(SELECT) |(UPDATE) |(INSERT) |(DELETE) |(GRANT) |(REVOKE)|(<) |(>)
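
Added example (not part of the pattern entry or of any comment above): the listed expression run against the page's own Matches/Non-Matches and the inputs raised in the comments, followed by the bound-parameter approach one commenter points to. Python's `re` and an in-memory SQLite table stand in for the ASP/.NET setting, and the table, its rows and the function names are constructed for illustration.

```python
import re
import sqlite3

# The expression exactly as listed on this page, spaces after some keywords included.
BLACKLIST = re.compile(
    r"(script)|(<)|(>)|(%3c)|(%3e)|(SELECT) |(UPDATE) |(INSERT) |(DELETE)"
    r"|(GRANT) |(REVOKE)|(UNION)|(&lt;)|(&gt;)"
)

def flagged(value):
    """Return True when the blacklist would reject this input."""
    return BLACKLIST.search(value) is not None

# Inputs from the page's Matches/Non-Matches rows and from the comments.
PAGE_INPUTS = [
    "http://www.domain.com/page.asp?param=</script>",
    "https://www.domain.com/page.asp?param=;SELECT",   # no trailing space
    "https://www.domain.com/page.asp?param=;select",   # lower case
    "https://www.domain.com/page.asp?param=RealParam",
    "description",                                     # harmless word
    "' OR 1=1 --",                                     # no listed keyword
]

def demo_db():
    """Constructed sample data: an in-memory table with three rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (name TEXT)")
    conn.executemany("INSERT INTO items VALUES (?)",
                     [("alpha",), ("beta",), ("gamma",)])
    return conn

def search_concatenated(conn, term):
    # Deliberately unsafe: the input becomes part of the SQL text.
    sql = "SELECT name FROM items WHERE name = '" + term + "'"
    return [row[0] for row in conn.execute(sql)]

def search_parameterized(conn, term):
    # The input is bound as a value and is never parsed as SQL.
    return [row[0] for row in conn.execute(
        "SELECT name FROM items WHERE name = ?", (term,))]

if __name__ == "__main__":
    for value in PAGE_INPUTS:
        print(f"{flagged(value)!s:5}  {value}")
    conn = demo_db()
    term = "' OR 1=1 --"
    print("concatenated: ", search_concatenated(conn, term))
    print("parameterized:", search_parameterized(conn, term))
```

The blacklist flags the harmless word "description" while passing the lower-case keyword and the quote-based input; the bound parameter returns no rows for that same input without any pattern matching.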