<?php /** * Tokenizes text that looks something like SQL. */ function tokenizeSQL( $SQL ) { $functions = array ( 'concat', 'if' ); $token = '\\(|\\)|[\']|"|\140|[*]|,|<|>|<>|=|[+]'; $terminal = $token.'|;| |\\n'; $result = array(); $string = $SQL; $string = ltrim($string); $string = rtrim($string,';').';'; // always ends with a terminal $string = preg_replace( "/[\n\r]/s", ' ', $string ); while( preg_match( "/^($token)($terminal)/s", $string, $matches ) || preg_match( "/^({$token})./s", $string, $matches ) || preg_match( "/^([a-zA-Z0-9_.]+?)($terminal)/s", $string, $matches) ) { $t = $matches[1]; if ($t=='\'') { // it's a string $t = tokSingleQuoteString( $string ); array_push($result, $t); } else if ($t=="\140") { // it's a backtick string (a name) $t = tokBackQuoteString( $string ); array_push($result, $t); } else if ($t=='"') { // it's a double quoted string (a name in normal sql) $t = tokDoubleQuoteString( $string ); array_push($result, $t); } else { array_push($result, $t); } $string = substr( $string, strlen($t) ); $string = ltrim($string); } return $result; } function tokSingleQuoteString( $string ) { // matches a single-quoted string in $string // $string starts with a single quote preg_match('/^(\'.*?\').*$/s', $string, $matches ); return $matches[1]; } function tokBackQuoteString( $string ) { // matches a back-quoted string in $string // $string starts with a back quote preg_match('/^([\140].*?[\140]).*$/s', $string, $matches ); return $matches[1]; } function tokDoubleQuoteString( $string ) { // matches a back-quoted string in $string // $string starts with a back quote preg_match('/^(".*?").*$/s', $string, $matches ); return $matches[1]; } print "<pre>"; print_r(tokenizeSQL('SELECT name, rew from asdf where id in(select papa from sdfff')); print "</pre>";
You have javascript disabled. You will not be able to edit any code.