I am having problems with my RegEx under PHP.
What I'm trying to do is detect unclosed comments in mySQL, What I'm doing is taking a query apart, where a single quote ' is the seperator
so basically "hello'how'are'you'doing" will get seperated to
1)hello
2)how
3)are
4)you
5)doing
And because both how and you are in quotes, they are not suspicious (I'm trying to check for SQL injections!) and 1,3,5 are actual SQL code.

So what's the problem?

well if we have "hello/*'*/how'are'you'doing", we get
1) hello/*
2) */how
3) are
4) you
5) doing

The problem is obvious: My queck was bypassed by using a ' in a quote, and now 2 and 4, which are treated as secure input are SQL code, would not be checked and could be exploited without being detected
So what I'm doing against that is checking for unclosed comments. I need a regex that matches the following:
hello/*
hello/*hi
hel/*hello*/lo/*hello*//*
hello *//*hello
hello */hello/*hello

but not:
hello/* hello /* hello */ hello
hello/* hello /* hello */
(these two are especially important)
hello/**/hello
hello/**/
hello/*hello*/
hello/*hello*/hello

The best I could come up with is "\/\*(.[^\*][^\/]*|)$", which doesn't work properly at all.

I would really appreciate the help

it's not clear what input text u have in mind:

for one thing, there is no string like:

--hello/*hi

in the sample text you provided:

--"hello/*'*/how'are'you'doing"

so how are you supposed to match what is not there?

Also, it 's highly advisable not to provide made-up samples of text whenn seeking regex help, instead pls post some real text.

This thing is supposed to accept any input and check it. What I gave you is what I used for testing it, I'm sorry, but that's just the way it is.
The first part with the "hello'how'are'you'doing" was just me explaining how the program works before it gets to the actual regex part, explaining WHY I need the regex, it's not actually part of the regex itself, sorry if that caused confusion.

Anyway, let me try to explain it again with less tech-jargon:

I need regex that matches an opened comment (/*) that has not been closed (no */ afterwards)
this regex will check an imput string, and if it has a comment that has not been closed, it will return a message

here are examples of what it should match, which I used for testing my regex:
hello/*
hello/*hello
hello/**/hello/*
hello/*a*/hello/*a

and here are a few examples that it should NOT match which I used:
hello/**/
he/**/llo
he/*ll*/o
h/*e/*ll*/o
h/*e/*ll*/


I hope that cleared it up

u say:

***I need regex that matches an opened comment (/*) that has not been closed (no */ afterwards)***

and then post these strings that should NOT be matched :

h/*e/*ll*/o

h/*e/*ll*/

but if u look closer, u'll see that they do have unclosed comments [the first occurrence of /*]

pls explain this inconsistency.

try this regex:

^[^/*\\]+(/\*[^/*\\]*\*/[^/*\\]*)*/\*[^/*\\]*$

it does what u asked [if u match strings one-by-one], but I still don't get your logic with these two: [see my prev post]

h/*e/*ll*/o
h/*e/*ll*/

 

 

 

Sergei Z:

u say:

***I need regex that matches an opened comment (/*) that has not been closed (no */ afterwards)***

and then post these strings that should NOT be matched :

h/*e/*ll*/o

h/*e/*ll*/

but if u look closer, u'll see that they do have unclosed comments [the first occurrence of /*]

pls explain this inconsistency.

This is a paradoxon. You see, the second /* is commented out.
This is why I specifically mentioned this, if an attack used "hello/*whats/*up*/you" "whats/*up" would be commented out, and thus it's a complete comment.

can the rule be rewritten as: *don't match IF consequtive /* are encountered*?

hello/* hello /* hello */ hello

actually my regex is probably already enforcing the rule by disallowing nested /* inside /*.....*/

doesn't that mean it's doing the opposite of enforcing it?

Anyway, guys, I solved the problem by first replacing all the closed comments with regex, and then searching for leftover comment openings

Thanks for the help anyway, everyone