<?php
// Sample sort expression: a leading "asc", extra SQL text, and a trailing "desc".
$val = 'asc and 1 = 1; select * from admin_user desc';

// Fallback direction, kept only when the pattern below does not match.
// NOTE(review): 'asci' is neither ASC nor DESC. It looks like a placeholder; confirm.
$direction = 'asci';

// Greedy (.*\W) consumes as much as it can, so group 2 is the LAST standalone
// ASC/DESC keyword (i = case-insensitive, s = dot also matches newlines).
// Group 1 is everything in front of that keyword and is not constrained at all.
$matched = preg_match('/(.*\W)(ASC|DESC)\b/si', $val, $matches);

if ($matched === 1) {
    $direction = $matches[2];
    // trim() only strips surrounding whitespace; the "and 1 = 1; select ..." text
    // stays in $val, so the split does not validate the remainder in any way.
    // If $val is meant to end up in an ORDER BY clause (not shown here), it needs
    // an allow-list of known column names, with the direction mapped to a fixed
    // 'ASC'/'DESC' literal rather than echoed from the input.
    $val = trim($matches[1]);
}

var_dump($val, $direction, $matches);
- Output for 4.3.0 - 4.3.11, 4.4.0 - 4.4.9, 5.0.0 - 5.0.5, 5.1.0 - 5.1.6, 5.2.0 - 5.2.17, 5.3.0 - 5.3.29, 5.4.0 - 5.4.45, 5.5.24 - 5.5.35, 5.6.8 - 5.6.28, 7.0.0 - 7.0.20, 7.1.0 - 7.1.10, 7.2.0 - 7.2.33, 7.3.12 - 7.3.33, 7.4.0 - 7.4.33, 8.0.0 - 8.0.30, 8.1.0 - 8.1.27, 8.2.0 - 8.2.17, 8.3.0 - 8.3.4
- string(39) "asc and 1 = 1; select * from admin_user"
string(4) "desc"
array(3) {
[0]=>
string(44) "asc and 1 = 1; select * from admin_user desc"
[1]=>
string(40) "asc and 1 = 1; select * from admin_user "
[2]=>
string(4) "desc"
}