Reputation: 2170
Regex that matches a string that does not contain a specific string
From time to time I come across this problem and I finally want a solution for this once and for all.
It's best to come up with an example that could be used practically. Imagine you have an application with a lot of INSERT-INTO-statements using mysql and php and you want to find statements that do not have a mysql_real_escape_string() because they would be vulnerable for sql injection. To keep it simple, let's assume that each query ends with a semicolon.
So how do you match strings that start with "INSERT INTO" and end with ";" and don't contain "mysql_real_escape_string"?
My assumption is that the quantifiers you have to use (+ and *) and the fact that a regex always is trying to match will lead to the behaviour that the regex eats just as much characters that a lookahead or lookbehind for the not contained string does not find it, even it is there. That's the core problem, I think.
Upvotes: 2
Views: 543
Answers (1)
Reputation: 93030
Use negative lookahead:
^INSERT INTO(?!mysql_real_escape_string)(.(?!mysql_real_escape_string))*;$
Upvotes: 4
Related Questions
- Regex Match - How to match a string that does not contain a specific char
- Regex to match a string not followed by some string
- How to find matches that do not include a string in regular expressions
- Regular Expression to match string which doesn't contain substring
- regular expression to contain all strings that don't contain a pattern
- Regex for not matching a string
- regex: don't match if containing a specific string
- Regex Match That doesn't contain some text
- Is there a way to use regex to match a string that doesn't contain another string?
- Regex to match a string that does not contain 'xxx'