Hi, I want to search for potentital SQL injection vulnerabilities in my PHP project.
I'm trying to use this regexp: =[\s]*'"[^\w]*(?<!\(int\))\$(?!(this->db->escape|db->escape))[\w]+
But TotalCmd returns this alert: Unrecognized Modifier (pos 24)
Can someone help me?
Thanks.
Search in files by regexp - Unrecognized Modifier
Moderators: white, Hacker, petermad, Stefan2
Re: Search in files by regexp - Unrecognized Modifier
Hi and welcome.
In TC press 'F1' on your keyboard and [Search] for 'regex' to read about the syntax and the engine TC utilizes.
Or use this path in help: [Content] > Operation > Regular expressions
Some first notes:
- lock around is not supported. ((("?!" is a negative lookahead, isn't it ?, ah, and there is a "?<!" too)))
- the sign '>' may be interpreted as a regex metachar. Try using a dot instead. ((("this->db->escape" >> "this-.db-.escape"))) Or escape it: "-\>".
In TC press 'F1' on your keyboard and [Search] for 'regex' to read about the syntax and the engine TC utilizes.
Or use this path in help: [Content] > Operation > Regular expressions
Some first notes:
- lock around is not supported. ((("?!" is a negative lookahead, isn't it ?, ah, and there is a "?<!" too)))
- the sign '>' may be interpreted as a regex metachar. Try using a dot instead. ((("this->db->escape" >> "this-.db-.escape"))) Or escape it: "-\>".