search

catfan / Medoo

The lightweight PHP database framework to accelerate the development.
https://medoo.in
MIT License
4.84k stars 1.15k forks source link

[feature] Mysql Regexp Function #414

Closed indiwine closed 6 years ago

indiwine commented 8 years ago

Hi.

Its not an issue itself. Is it good idea to add MySQL regexp function support to Medoo?

Unfortunately its not possible to do a PDO::quote on any regexp. Is there any way to make such queries secured?

What do you think about it?

elbyvilayil commented 8 years ago

Hi I added Regexp in where. You can check in the issue "Add REGEX in WHERE query #416" . But I didn't check with PDO::quote

indiwine commented 8 years ago

Oh I also do the same(on the local branch, of course) :) But with syntax: [ "REGEXP#comment" => [ 'column' => 'some column', 'pattern' => '[abz] ]]

Is secure to pass a regexp pattern to mysql without any checks?

elbyvilayil commented 8 years ago

I think its not secure but if the regexp will be provided by the developer its no problem. The challenge is how can we filter regex ?

indiwine commented 8 years ago

Maybe some regexp? Regexp to check regexp

catfan commented 6 years ago

v1.5 support regexp.

https://medoo.in/api/where