DevDash

Regex for SQL Injection Pattern

Regex Pattern

(?:--|;|'|"\s*(?:OR|AND|UNION|SELECT|INSERT|UPDATE|DELETE|DROP)\s)

Basic SQL injection detection patterns

Quick Answer

The regex pattern for basic SQL injection detection is `(?:--|;|'|"\s*(?:OR|AND|UNION|SELECT|INSERT|UPDATE|DELETE|DROP)\s)`. It works in JavaScript, Python, Ruby, PHP, Java, and most regex engines that support PCRE syntax.

Test Examples

| Input | Result |
| --- | --- |
| `' OR 1=1 --` | ✓ Matches |
| `admin'; DROP TABLE users;` | ✓ Matches |
| `" UNION SELECT * FROM` | ✓ Matches |
| `normal text` | ✗ No match |
| `SELECT from menu` | ✗ No match |
| `John O'Brien` | ✗ No match |
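
An added example (not from the original page) that runs the pattern with search semantics over the sample inputs and then passes the same strings through a parameterized query. The `people` table, the function names and the in-memory SQLite database are assumptions made for illustration. Because the pattern contains a bare `'` alternative, any apostrophe is flagged when the whole string is searched, including the one in `John O'Brien`.

```python
import re
import sqlite3

# The page's pattern, unchanged (case-sensitive, as written on the page).
PATTERN = re.compile(
    r"""(?:--|;|'|"\s*(?:OR|AND|UNION|SELECT|INSERT|UPDATE|DELETE|DROP)\s)"""
)

# Sample inputs taken from the page's Test Examples table.
SAMPLES = [
    "' OR 1=1 --",
    "admin'; DROP TABLE users;",
    '" UNION SELECT * FROM',
    "normal text",
    "SELECT from menu",
    "John O'Brien",
]


def flagged(value: str) -> bool:
    """True when the pattern occurs anywhere in value (search, not match)."""
    return PATTERN.search(value) is not None


def store_and_fetch(values):
    """Insert each value with a bound parameter and read it back unchanged.

    Hypothetical schema: a single-column `people` table in in-memory SQLite.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people (name TEXT)")
    # The ? placeholder sends the value as data; it is never parsed as SQL.
    conn.executemany("INSERT INTO people (name) VALUES (?)", [(v,) for v in values])
    found = []
    for v in values:
        rows = conn.execute("SELECT name FROM people WHERE name = ?", (v,)).fetchall()
        found.append([r[0] for r in rows])
    conn.close()
    return found


if __name__ == "__main__":
    for s, rows in zip(SAMPLES, store_and_fetch(SAMPLES)):
        print(f"{s!r:32} flagged={flagged(s)!s:5} rows={rows}")
```

Every sample, flagged or not, is stored and retrieved as plain data by the bound-parameter queries, so a regex hit is best treated as a logging or review signal while parameterization does the actual protection.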

Code Examples

javascript

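// A match means the input contains a suspicious sequence; it does not mean the input is valid.
const regex = /(?:--|;|'|"\s*(?:OR|AND|UNION|SELECT|INSERT|UPDATE|DELETE|DROP)\s)/;
const isSuspicious = regex.test(value);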

python

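import re
# Triple-quoted raw string so the ' and " inside the pattern need no escaping.
pattern = r"""(?:--|;|'|"\s*(?:OR|AND|UNION|SELECT|INSERT|UPDATE|DELETE|DROP)\s)"""
# re.search scans the whole string; re.match would only test the start.
if re.search(pattern, value):
    print("suspicious input")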

ruby

pattern = /(?:--|;|'|"\s*(?:OR|AND|UNION|SELECT|INSERT|UPDATE|DELETE|DROP)\s)/
# =~ returns the match index (truthy) when the pattern occurs anywhere in value.
if value =~ pattern
  puts "suspicious input"
end

php

// The ' inside a single-quoted PHP string must be escaped as \'.
if (preg_match('/(?:--|;|\'|"\s*(?:OR|AND|UNION|SELECT|INSERT|UPDATE|DELETE|DROP)\s)/', $value)) {
    echo "suspicious input";
}

java

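import java.util.regex.Pattern;
// The " is escaped as \"; find() searches anywhere, while String.matches() needs a full-string match.
String pattern = "(?:--|;|'|\"\\s*(?:OR|AND|UNION|SELECT|INSERT|UPDATE|DELETE|DROP)\\s)";
boolean isSuspicious = Pattern.compile(pattern).matcher(value).find();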
