By: Craig

Craig — Wed, 23 Dec 2009 07:06:47 +0000

I am trying to get a regular expression that will only remove double quotes between any html tag.

I Like “cheese”

Only want to remove quotes from width parameter. Any help would be appreciated…

By: Kyle Simpson

Kyle Simpson — Wed, 11 Nov 2009 03:52:49 +0000

I like this regex, pretty cool. However, one caveat to mention… in source code for a language like javascript that supports regex literals, this regex would match what it thinks are string literals inside a regex literal, which some might argue it should not.

currently working on my own set of code to properly recognize/tokenize string literals, regex literals, and single/multi-line comments from JS code, and I’ve found that regex literals in particular throw lots of monkey wrench into the process.

The only way i’ve found is a combination of limited regexes and a lot of stateful loop iteration processing to identify all the various cases where strings appear inside of regexes, or regexes appear inside of strings, or all the other weird cases that can happen. lots of fun, let me tell ya.

By: Manda

Manda — Sat, 19 Sep 2009 07:49:28 +0000

In PHP, I’m using this pattern :
‘/([\"\'])(?:.*[^\\\\]+)*(?:(?:\\\\{2})*)+\1/xU’

Works great for me, even with multiple backslashed-backslashes, like :

name=”manda yugana \\\”gantenx\\\” banget”

name=”manda yugana \\\\\”gantenx\\\\\” banget”

By: Jason

Jason — Mon, 21 Jul 2008 21:21:37 +0000

I am trying to adapt this in VB/VBScript to parse a dynamic sql result string for parameters. I will then take each matched parameter and use a command parameter to help alleviate sql injection concerns. I was getting tripped up with some of the more advanced input scenarios though, but now I think I have it straightened out. Thought I'd share it with you since I found your post here to do all the heavy lifting for me and others may find this useful. Since VBS handles escaped quotes 2 double quotes I have modified the regex to handle those instead of javascript escaped characters.

<%
'SQL query tests using parameters

'@@@@@@@@@@@@@@@@@@@@     Functions     @@@@@@@@@@@@@@@@@@@@
	function ConvertToParams(sqlIn)
		retVal = sqlIn
		
		Set RegularExpressionObject = New RegExp
		
		With RegularExpressionObject
		.Pattern = "([""'])(?:(?!\1)[^""""]|"""".)*\1"
		.IgnoreCase = True
		.Global = True
		End With
		
		Set expressionmatch = RegularExpressionObject.Execute(retVal)
		
		if expressionmatch.Count > 0 Then
			For Each expressionmatched in expressionmatch
				Response.Write "" & expressionmatched.Value & " was matched at position " & expressionmatched.FirstIndex & "
"
			Next
		end if
		
		ConvertToParams = retVal
	end function	
	
'@@@@@@@@@@@@@@@@@@@@     End Functions     @@@@@@@@@@@@@@@@@@@@
%>



 
 Parameterized Queries Test
 
 
 
 
 <% 
	 
	 SQL = "INSERT INTO dbo.TEST " & _
			"(TEXT) " & _
			"VALUES " & _
			"(""I would say that the """"preference"""" is for a more open solution that will meet everyone's needs.  Wouldn't you agree with these thoughts I've had?"") " & _
			"go " & _
			"INSERT INTO dbo.TEST " & _
			"(TEXT) " & _
			"VALUES " & _
			"(""O'brien's favorite pastime isn't listed although it """"should"""" be"") " & _
			"go "

	 response.write("SQL=" & SQL & "

" &vbcrlf)	
	 response.write(ConvertToParams(SQL) & "



" &vbcrlf)		 
 %>

By: Steve

Steve — Wed, 13 Feb 2008 00:38:06 +0000

A fair point, Ted. However, this post was born out of examples of using backreferences. I think the regex (["'])(\\?+.)*?\1 is quite pretty due to its brevity, but the rest of the regexes in this post are not great (this is one of my oldest posts here). If you really cared about performance you could unroll the loops, resulting in "[^"\\]*(?:\\.[^"\\]*)*"|'[^'\\]*(?:\\.[^'\\]*)*'. That's just as portable as what you posted if you take out the ?:s which create non-capturing groups.

Comments on: Regexes in Depth: Advanced Quoted String Matching

By: Craig

By: Kyle Simpson

By: Manda

By: Jason

By: Steve