[ic] sql query with UNION broken

Kevin Walsh kevin at cursor.biz
Fri Aug 22 16:37:30 EDT 2003


Jon Jensen [jon at endpoint.com] wrote:
> 
> Perhaps we should switch the logic of the test, since UPDATE statements 
> will be more homogeneous than SELECTs and also much rarer:
> 
> $update = 1 if $query =~ /^\s*update\s+/i;
> 
> But that would mess up DELETE, DROP INDEX/TABLE, CREATE INDEX/TABLE, etc.  
> So maybe just a minor correction would be better:
> 
> $update = 1 if $query !~ /^\s*\W*\s*select\s+/i;
> 
The second correction is better, in my opinion.  There is only one
SELECT statement, while there are loads of statements that would need
$update to be set.

I suggest a minor correction to your second proposal, as follows:

    $update = 1 if $query !~ /^[\s\W]*select\s+/i;

That would allow multiple opening parentheses (with or without
whitespace between) before the SELECT.

-- 
   _/   _/  _/_/_/_/  _/    _/  _/_/_/  _/    _/
  _/_/_/   _/_/      _/    _/    _/    _/_/  _/   K e v i n   W a l s h
 _/ _/    _/          _/ _/     _/    _/  _/_/    kevin at cursor.biz
_/   _/  _/_/_/_/      _/    _/_/_/  _/    _/
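
Added example (not part of the original message and not Interchange's own code): a Perl script that runs the three tests quoted in this thread over constructed queries and prints whether each one would set $update. The table and column names are made up for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The three tests from the thread; each sub returns 1 when $update would be set.
my @tests = (
    [ 'update-only' => sub { $_[0] =~ /^\s*update\s+/i       ? 1 : 0 } ],
    [ 'negated-1'   => sub { $_[0] !~ /^\s*\W*\s*select\s+/i ? 1 : 0 } ],
    [ 'negated-2'   => sub { $_[0] !~ /^[\s\W]*select\s+/i   ? 1 : 0 } ],
);

# Constructed sample queries (hypothetical table and column names).
my @queries = (
    'SELECT sku FROM products',
    '(SELECT sku FROM a) UNION (SELECT sku FROM b)',
    '( ( SELECT sku FROM a) UNION (SELECT sku FROM b))',
    "  \n\tselect sku from products",
    'UPDATE products SET price = 1',
    'DELETE FROM products',
    'DROP TABLE products',
    'CREATE INDEX idx ON products (sku)',
    # Only the leading keyword is inspected, so this is treated as a SELECT.
    'SELECT 1; DELETE FROM products',
);

# Whitespace is also matched by \W, so both negated tests accept any run of
# spaces and punctuation in front of SELECT.
printf "%-12s %-10s %-10s %s\n", (map { $_->[0] } @tests), 'query';
for my $q (@queries) {
    my @flags = map { $_->[1]->($q) } @tests;
    (my $shown = $q) =~ s/\s+/ /g;    # collapse whitespace for display only
    printf "%-12s %-10s %-10s %s\n", @flags, $shown;
}
```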


