Parse the values and field names in the WHERE clause
Parsing the values and field names in a WHERE/HAVING clause, or checking that the user has specified specific columns in the WHERE clause, gives you information that can be used to build a parameterized query and so protect against or detect SQL injection.
The sample SQL statement to be parsed is:
SELECT firstname,
       lastname,
       age
FROM   Clients
WHERE  State = "CA"
       AND City = "Hollywood" 
The result you may want to achieve looks similar to this:
column: State Operator: = value: "CA"
column: City Operator: = value: "Hollywood"
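The extraction described above, as an added Python example (not code from the original page or from any SQL parser product). It assumes a WHERE clause made only of column/operator/literal predicates joined by AND or OR; the function names, the ? placeholder style and the column allowlist are illustrative choices.

```python
import re

# Restricted grammar (assumption): WHERE <column> <op> <literal> [AND|OR ...]
TOKEN_RE = re.compile(r"""\s*(?:
      (?P<str>"(?:[^"]|"")*"|'(?:[^']|'')*')   # quoted literal, doubled quote escapes
    | (?P<num>\d+(?:\.\d+)?)                   # numeric literal
    | (?P<op><=|>=|<>|!=|=|<|>)                # comparison operator
    | (?P<word>[A-Za-z_][\w.]*)                # identifier or keyword
    | (?P<punct>[,()*;])                       # SELECT-list punctuation
    )""", re.VERBOSE)

def tokenize(sql):
    """Return (kind, text, start, end) tuples; reject text outside the grammar."""
    sql, pos, tokens = sql.rstrip(), 0, []
    while pos < len(sql):
        m = TOKEN_RE.match(sql, pos)
        if not m:
            raise ValueError(f"unparseable input at offset {pos}")
        tokens.append((m.lastgroup, m.group(m.lastgroup), *m.span(m.lastgroup)))
        pos = m.end()
    return tokens

def parse_where(sql):
    """Return (column, operator, literal, start, end) for each WHERE predicate."""
    tokens, preds = tokenize(sql), []
    i = next((n for n, t in enumerate(tokens) if t[1].upper() == "WHERE"), None)
    while i is not None and i < len(tokens):
        col, op, val = (tokens[i + 1:i + 4] + [("end", "")] * 3)[:3]
        if (col[0], op[0]) != ("word", "op") or val[0] not in ("str", "num"):
            raise ValueError(f"not <column> <op> <literal> near {col[1]!r}")
        preds.append((col[1], op[1], *val[1:]))
        i += 4                                  # now at the AND/OR connector, if any
        if i < len(tokens) and tokens[i][1].upper() not in ("AND", "OR"):
            raise ValueError(f"unexpected token {tokens[i][1]!r}")
    return preds

def parameterize(sql, allowed_columns):
    """Swap literals for ? placeholders; reject columns outside the allowlist."""
    params = []
    for col, _op, lit, start, end in reversed(parse_where(sql)):
        if col.lower() not in allowed_columns:
            raise ValueError(f"column {col!r} not permitted in WHERE")
        value = (lit[1:-1].replace(lit[0] * 2, lit[0]) if lit[0] in "\"'"
                 else float(lit) if "." in lit else int(lit))
        sql = sql[:start] + "?" + sql[end:]     # right to left keeps offsets valid
        params.insert(0, value)
    return sql, params

# Constructed input: the sample statement from this page, on one line.
SAMPLE = 'SELECT firstname, lastname, age FROM Clients WHERE State = "CA" AND City = "Hollywood"'
```

A statement whose WHERE clause does not fit the column/operator/literal shape raises ValueError instead of being rewritten, which is the point at which unexpected input surfaces.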

