You are pretty ambiguous with your question. From what I can gleem, the problem is that you have some sort of query string, in which values got interpolated before being escaped. This is most easily fixable by properly escaping the value BEFORE it is inserted into the string. Of course, this wouldn't be a problem if you are using Perl and the DBI module; however, you are not, so use whatever solution PHP has available (there is some sort of add_slashes function, I can't quite remember the name; look it up on php.net).
If you have no control over the values, then you have a much harder problem. Here is a way to fix it with Perl, although I'm not sure how much this will help you:
$_ = "INSERT INTO TABLENAME VALUES ('bunch o'f text','another text','a +not'cool'her text')"; s/\G (?<=') ((?: (?> [^\\']* ) | \\. | '(?![,)]) )*) ('[,)]) /fix("$1").$2/egx; print; sub fix { $_[0]=~s~(?<!\\)'~\\'~g;$_[0] }
Of course, this won't even work for every case. If you have a string like:
INSERT INTO TABLENAME VALUES ('bunch o',f text','another text')
or
INSERT INTO TABLENAME VALUES ('bunch o')f text','another text')
Then this solution will break, and I honestly can't think of a way around it (at least off the top of my head). The best solution will be to try to fix the values BEFORE they are inserted into the query string.
In reply to Re: Impossible RegEx?
by jryan
in thread Impossible RegEx?
by DaWolf
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |