19Şub
Is it possible to detect 100% of SQLi with a simple regex?
I'm wondering if it is possible to detect 100% of the possible SQLi attacks using a simple regex.
In other words, using very simple PHP code as an example:
if (preg_match("/select/i", $input)) {
attack_log("Possible SELECT SQLi detected.")
}
The questions are:
- Will that regex catch all possible SQLi attacks that use SELECT? If not, is it possible to change that regex so that it is going to detect all injections that rely on SELECT?
- Is it possible to change that regex to so that it will catch all possible SQLi, so not only SELECT statements but also all the rest? I'm afraid that to achieve this I would need to add every possible SQL keyword to the regex, including "AND" and "OR".
- Supposing it's not possible or feasible to detect all SQLi by trying to match all the possible SQL keywords, is there a limited subset of keywords that would allow me to detect the vast majority of possible attacks?
