RegEx to find SQL in code without CFQueryParam
ColdFusion, CFEclipse, RegexI know it's far from perfect (that's partly why I'm posting - so you can show me the light), but here's a RegEx I'm using in Eclipse to find all the places in our code where we didn't use CFQueryParam around variables (shame, shame). Please let me know if you see ways to improve it.
\s+(where|set)\s+[a-z_\.]+\s+(like|\=)\s+'?%?#[a-z"_'\.\(\)\+\/]+#%?'?
And can someone help me figure out how to make this Regex include CF variables passed in to INSERT statements?
TIA
James Netherton said:
Peter Boughton has already written such a utility. Check it out on riaforge:
http://qpscanner.riaforge.org/
http://qpscanner.riaforge.org/
cfZen said:
QPScanner is a very cool tool, indeed. Thank you! I just downloaded it and took a look... unfortunately, it has a lot of false-positives (i.e. finding query clauses that already have CFQueryParam on them); also, I'm looking for a RegEx to run directly in Eclipse
.: HIDE REPLIES :.
cfZen said:
@Peter - I'm sorry, the app does not have "a lot of false positives", as I wrote hastily earlier. It only has very few that I have found. Here's one example:
SELECT Style_ID
FROM Styles(nolock)
WHERE Style =
OR Style =
SELECT Style_ID
FROM Styles(nolock)
WHERE Style =
OR Style =
cfZen said:
@Peter - er... I'll send you some examples directly since the code doesn't post too well in this blog software :\
Tree said:
Hi. Do you know Lexie Longnion? If so, please email me to discuss. I am unsure if she is just visit us as a neighbor or wants to stay. :)
Congrats on your move.
Congrats on your move.
Loading....