Oracle Database Discussions

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

SQL Injection and Java Regular Expression: How to match words?

680524Apr 28 2011 — edited Apr 28 2011

Dear friends,

I am handling sql injection attack to our application with java regular expression. I used it to match that if there are malicious characters or key words injected into the parameter value.

The denied characters and key words can be " ' ", " ; ", "insert", "delete" and so on. The expression I write is String pattern_str="('|;|insert|delete)+".

I know it is not correct. It could not be used to only match the whole word insert or delete. Each character in the two words can be matched and it is not what I want. Do you have any idea to only match the whole word?

Thanks,
Ricky

Edited by: Ricky Ru on 28/04/2011 02:29

Locked Post

New comments cannot be posted to this locked post.

Locked on May 26 2011

Added on Apr 28 2011

#general-database-discussions

1 comment

1,715 views