Warning: file_get_contents(/data/phpspider/zhask/data//catemap/0/iphone/39.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Regex 使用正则表达式查找关键字_Regex_Vb.net_Keyword - Fatal编程技术网
Fatal编程技术网
  • regex/
  • Regex 使用正则表达式查找关键字

Regex 使用正则表达式查找关键字

regex vb.net

Regex 使用正则表达式查找关键字,regex,vb.net,keyword,Regex,Vb.net,Keyword,嘿,我有以下坏词,我想检查它们是否在我传递的字符串中: Private Function injectionCheck(queryString As String) As Integer Dim badWords() As String = {"EXEC", "EXECUTE", ";", "-", "*", "--", "@", "UNION", "DROP", "DELETE", "UPDATE", "INSERT",

嘿,我有以下坏词,我想检查它们是否在我传递的字符串中:

Private Function injectionCheck(queryString As String) As Integer
    Dim badWords() As String = {"EXEC", "EXECUTE", ";", "-", "*", "--", "@",
                                "UNION", "DROP", "DELETE", "UPDATE", "INSERT", "MASTER",
                                "TABLE", "XP_CMDSHELL", "CREATE", "XP_FIXEDDRIVES", 
                                "SYSCOLUMNS", "SYSOBJECTS"}
    Dim pattern As String = "\b(" + Regex.Escape(badWords(0))

    For Each key In badWords.Skip(1)
        pattern += "|" + Regex.Escape(key)
    Next

    pattern += ")\b"

    Return Regex.Matches(queryString, pattern, RegexOptions.IgnoreCase).Count
End Function
对于该模式,我得到以下结果:

\b(EXEC|EXECUTE|;|-|\*|--|@|UNION|DROP|DELETE|UPDATE|INSERT|MASTER|TABLE|XP_CMDSHELL|
   CREATE|XP_FIXEDDRIVES|SYSCOLUMNS|SYSOBJECTS)\b
在我看来这是正确的。但每次我叫它时,我都得到0作为对此的响应:

Dim blah As Integer = injectionCheck("select * from bob where something = 'you'")
既然上面的不应该返回0,那么我应该忽略什么呢?它应该返回2,因为*和都是不应该使用的。

如果您计划将单词作为整个单词进行匹配,但关键字可能以非单词字符开始/结束,您可能会遇到类似的问题。单词边界的含义取决于上下文:
\b--\b
将在
X--X
中匹配,但在
,-,
中不匹配

您需要一个明确的边界匹配。使用lookarounds
(?作为前导词,
(?!\w)
作为尾随词边界

实施如下所示的更改:


Dim pattern As String = "(?<!\w)(" + Regex.Escape(badWords(0)) ' <== HERE

For Each key In badWords.Skip(1)
    pattern += "|" + Regex.Escape(key)
Next

pattern += ")(?!\w)"  ' <== AND HERE



Dim pattern As String=“(?字符串与模式不匹配。问题出在
\b
上。很好,Wiktor。谢谢!