Regex for detecting SQL injection patterns
Crude pre-scan to flag potentially malicious SQL strings. NOT a security control — defense-in-depth only.
intermediate
javascript / pcre / python · 4 use cases
The pattern
(?i)\b(union\s+select|or\s+1=1|drop\s+table|delete\s+from|insert\s+into|--|;.*--|/\*.*\*/)
Test cases
| Input | Result |
|---|---|
| UNION SELECT * | ✓ matches |
| OR 1=1 | ✓ matches |
| DROP TABLE users; -- | ✓ matches |
| benign select query | ✗ rejects |
| user input with --double-dash inside CSV | ✗ rejects |
Edge cases & caveats
WARNING: regex blocking is NOT a security control. Always use parameterized queries / prepared statements. This regex is for WAF/log alerting only. False positives are common; combine with anomaly detection.
Note: see the warning above. Treat this page as a starting point, not a security control.
Common use cases
- WAF log triage
- post-incident IOC search
- honeypot bait detection
- audit log pre-screen
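For the WAF log triage use case, the sketch below is an added example, not code from this page's author: it runs the pattern above over URL-decoded access-log lines and shows one of the false positives the caveats warn about. The names `scan` and `triage` and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# The page's pattern, unchanged. A leading (?i) is valid in Python and PCRE;
# JavaScript rejects it, so there drop it and pass the "i" flag instead.
SQLI_PATTERN = re.compile(
    r"(?i)\b(union\s+select|or\s+1=1|drop\s+table|delete\s+from|insert\s+into"
    r"|--|;.*--|/\*.*\*/)"
)

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    "GET /items?id=1%20UNION%20SELECT%20* HTTP/1.1",     # page test case, %20-encoded
    "GET /login?user=a&pw=x+OR+1=1 HTTP/1.1",            # page test case, +-encoded
    "GET /search?q=how+to+insert+into+a+list HTTP/1.1",  # benign text, still flagged
    "GET /export?note=user+input+with+--double-dash HTTP/1.1",
    "GET /index.html HTTP/1.1",
]


def scan(text):
    """Return every token the pattern flags in text, in order of appearance."""
    return [m.group(1) for m in SQLI_PATTERN.finditer(text)]


def triage(log_lines):
    """Return (line_number, hits) for each line that matches after URL-decoding.

    Logged query strings are percent- or plus-encoded, so the pattern's
    whitespace tokens never match the raw line; decode once before matching.
    """
    flagged = []
    for number, line in enumerate(log_lines, 1):
        hits = scan(unquote_plus(line))
        if hits:
            flagged.append((number, hits))
    return flagged


if __name__ == "__main__":
    for number, hits in triage(SAMPLE_LOG):
        print(f"line {number}: {hits}")
    # Line 4 is not flagged: \b requires a word character directly before "--",
    # which matches the page's "--double-dash inside CSV" test case.
```

Flagged lines are candidates for review, not verdicts: line 3 of the sample is an ordinary search query.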