1

Hi, I need to remove some unwanted characters from a string. I'm trying to make a regex to match the required characters, but I feel like I'm miles off and don't want to create false positives. Some help would be very much appreciated.

The starting string looks like:

'SELECT \t* \nFROM \tAudit_Log a WHERE changedate > \'2016-07-21T18:51:41.900Z\''

However, this doesn't get parsed correctly by MySQL, so it needs to look like:

'SELECT * FROM \tAudit_Log a WHERE changedate > '2016-07-21T18:51:41.900Z''

I've tried this but I'm not having much luck:

str = str.replace('\t', '');
str = str.replace('\n', '');
str = str.replace('\\', '');
3
  • What is an escape character \t doing in a sql statement? And, what if it's some other letter? Commented Jul 21, 2016 at 18:02
  • Realize that you are still vulnerable to SQL injections. NEVER trust ANYTHING from users. Always sanitize your input on the server side. You can clean, to ensure that the content is worth being processed, but please, do know that it is very easy to alter any request from the client side. Commented Jul 21, 2016 at 18:04
  • Sorry, should clarify: this is on the Node end and the statements don't come from the user. Commented Jul 21, 2016 at 18:05

4 Answers

1

If escape plus a-z is the culprit, simplify it to two cases:

  1. Escape + not a-z nor escape
  2. Escape + a-z or escape

In the first case, the not a-z (punctuation) is written back.
In the second case, it's not.

Find: (?i)\\(?:([^\\a-z])|[\\a-z])?
Replace: $1 or \1

Expanded

 (?i)                   # Case insensitive
 \\                     # '\' To be removed
 (?:                    # Cluster start
      ( [^\\a-z] )           # (1), Punctuation written back
   |                       # or,
      [\\a-z]                # The rest, to be removed
 )?                     # Cluster end, and is optional for EOS

0

Here is a solution

var str =  'SELECT \t* \nFROM \tAudit_Log a WHERE changedate > \'2016-07-21T18:51:41.900Z\'';
str = str.replace(/\t|\n/g, '').replace(/\'/g, "'")

3 Comments

This still ends up looking like: SELECT * \nFROM Audit_Log a WHERE changedate > \'2016-07-21T19:00:56.741Z\'
Updated my answer.. missed \n
Wonderful, thank you. However, now it's just the backslashes; replace('\', '') doesn't seem to work
0

Try this,

str.replace(/[\n\t\r]/g,"") 

2 Comments

While this code snippet may solve the question, including an explanation really helps to improve the quality of your post. Remember that you are answering the question for readers in the future, and those people might not know the reasons for your code suggestion. Please also try not to crowd your code with explanatory comments, as this reduces the readability of both the code and the explanations!
@FrankerZ I agree with you. Apologies for that!
0

None of the other solutions gave the desired result; the pattern I ended up using is:

(\\t|\\n|\\)
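An added example, not part of the original thread or any poster's code: it shows why the attempts above behaved differently, by treating real control characters and literal backslash sequences as two separate cases and replacing whitespace with a single space instead of deleting it. The names normalizeSql and firstOnly and the doubleEscaped input are assumptions made for illustration.

```javascript
// Added example (not from the thread). normalizeSql and firstOnly are
// hypothetical helper names.

// Case A: the JS literal from the question. Once parsed, \t and \n are real
// control characters and \' is just a quote; the string holds no backslashes.
const parsed = 'SELECT \t* \nFROM \tAudit_Log a WHERE changedate > \'2016-07-21T18:51:41.900Z\'';

// Case B (constructed): the same text after an extra round of escaping, so it
// holds a literal backslash followed by t, n or a quote. String.raw keeps them.
const doubleEscaped = String.raw`SELECT \t* \nFROM \tAudit_Log a WHERE changedate > \'2016-07-21T18:51:41.900Z\'`;

function normalizeSql(sql) {
  return sql
    // Literal backslash + t/n/r (two characters each) becomes a space.
    .replace(/\\[tnr]/g, ' ')
    // Literal backslash + quote becomes the bare quote.
    .replace(/\\(['"])/g, '$1')
    // Real tabs, newlines and runs of spaces collapse to one space, so
    // neighbouring tokens stay separated instead of being fused together.
    .replace(/\s+/g, ' ')
    .trim();
}

// A string pattern (not a /g regex) replaces only the first match, which is
// why the attempt in the question left later tabs in place.
function firstOnly(sql) {
  return sql.replace('\t', '');
}

console.log(normalizeSql(parsed));
console.log(normalizeSql(doubleEscaped));
console.log(firstOnly(parsed).includes('\t')); // a tab is still present
```

The replacements also apply inside quoted SQL literals, so a value that legitimately contains a backslash or repeated spaces would be changed. Passing values such as the date as bound parameters keeps them out of the rewrite and out of the statement text.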
