lang:

PHP

regex:

mysql_query\s?\(|mysqli_query\s?\(|pg_execute\s?\(|pg_insert\s?\(|pg_query\s?\(|pg_select\s?\(|pg_update\s?\(|sqlite_query\s?\(|msql_query\s?\(|mssql_query\s?\(|odbc_exec\s?\(|fbsql_query\s?\(|sybase_query\s?\(|ibase_query\s?\(|dbx_query\s?\(|ingres_query\s?\(|ifx_query\s?\(|oci_parse\s?\(|sqlsrv_query\s?\(|maxdb_query\s?\(|db2_exec\s?\(

description:

Possible SQL injection. Ensure all queries are implemented as parameterized queries. http://cwe.mitre.org/data/definitions/89.html

tags:

sql injection cwe-89