Example #1
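        /// <summary>
        /// Checks that a replication statement has the leading shape expected for its
        /// declared command type (Insert, Update, Delete, Execute or DDLCommand).
        /// </summary>
        /// <remarks>
        /// This is a structural prefix check only. It does not inspect column lists,
        /// values, or any text that follows the last token it looks for, so it must not
        /// be treated as a defence against SQL injection or stacked statements.
        /// Malformed or truncated input yields <c>false</c> instead of an
        /// <see cref="ArgumentOutOfRangeException"/>, and comparisons are ordinal so the
        /// result does not depend on the current culture.
        /// </remarks>
        /// <param name="query">Statement text plus its declared command type and object name.</param>
        /// <returns><c>true</c> when the statement matches the expected shape; otherwise <c>false</c>.</returns>
        private static Boolean CheckSQLSyntax(QueryInfo query)
        {
            // Fail closed on missing data rather than throwing from a validator.
            if (query == null || query.CommandString == null || query.CommandType == null)
            {
                return false;
            }

            string commandType = query.CommandType;
            string objectName  = query.ObjectName;
            string sql         = query.CommandString;
            int    pos;

            if (commandType != "Execute" && commandType != "DDLCommand")
            {
                // The statement must begin with the declared verb (INSERT/UPDATE/DELETE/...).
                if (!SqlTextMatchesAt(sql, 0, commandType))
                {
                    return false;
                }
                sql = sql.Substring(commandType.Length).Trim();
            }

            switch (commandType)
            {
            case "Insert":
                if (!SqlTextMatchesAt(sql, 0, "INTO"))
                {
                    return false;
                }
                sql = sql.Substring(4).Trim();

                // One character on each side of the object name is skipped without being
                // checked (presumably a quote or backtick - confirm against the producer).
                if (!SqlTextMatchesAt(sql, 1, objectName) || sql.Length < objectName.Length + 2)
                {
                    return false;
                }
                sql = sql.Substring(objectName.Length + 2).Trim();

                // Column list: "(" ... ")"
                if (!SqlTextMatchesAt(sql, 0, "("))
                {
                    return false;
                }
                pos = sql.IndexOf(')');
                if (pos == -1)
                {
                    return false;
                }
                sql = sql.Substring(pos + 1).Trim();

                if (!SqlTextMatchesAt(sql, 0, "VALUES"))
                {
                    return false;
                }
                sql = sql.Substring(6).Trim();

                // Value list: "(" ... ")". Anything after the first ")" is not examined.
                if (!SqlTextMatchesAt(sql, 0, "("))
                {
                    return false;
                }
                if (sql.IndexOf(')') == -1)
                {
                    return false;
                }
                break;

            case "Update":
                if (!SqlTextMatchesAt(sql, 1, objectName) || sql.Length < objectName.Length + 2)
                {
                    return false;
                }
                sql = sql.Substring(objectName.Length + 2).Trim();

                if (!SqlTextMatchesAt(sql, 0, "SET"))
                {
                    return false;
                }

                // NOTE(review): unlike the other keywords, WHERE is matched case-sensitively
                // and anywhere in the remaining text (including inside a literal). Kept as-is
                // so the validator is not loosened; confirm whether that is intended.
                if (sql.IndexOf("WHERE", StringComparison.Ordinal) == -1)
                {
                    return false;
                }
                break;

            case "Delete":
                if (!SqlTextMatchesAt(sql, 0, "FROM"))
                {
                    return false;
                }
                sql = sql.Substring(4).Trim();
                if (!SqlTextMatchesAt(sql, 1, objectName))
                {
                    return false;
                }
                break;

            case "Execute":
                if (!SqlTextMatchesAt(sql, 0, "CALL"))
                {
                    return false;
                }
                break;

            case "DDLCommand":
                // Only these three statement prefixes are accepted. Each is tested with its
                // own length guard, so a short but valid "GRANT ..." no longer throws while
                // being compared against the longer "CREATE USER" prefix.
                if (!SqlTextMatchesAt(sql, 0, "CREATE USER") &&
                    !SqlTextMatchesAt(sql, 0, "GRANT") &&
                    !SqlTextMatchesAt(sql, 0, "SET PASSWORD"))
                {
                    return false;
                }
                break;
            }

            return true;
        }

        /// <summary>
        /// Returns true when <paramref name="text"/> contains <paramref name="expected"/>
        /// starting at <paramref name="offset"/>, compared ordinally and ignoring case.
        /// Returns false (never throws) when either string is null or the text is too short.
        /// </summary>
        private static bool SqlTextMatchesAt(string text, int offset, string expected)
        {
            if (text == null || expected == null || offset < 0 || text.Length - offset < expected.Length)
            {
                return false;
            }
            return string.Compare(text, offset, expected, 0, expected.Length, StringComparison.OrdinalIgnoreCase) == 0;
        }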
Example #2
 /// <summary>
 /// Validates a replication statement before it is applied: first its overall shape
 /// via CheckSQLSyntax, then, for Update and Delete, its WHERE clause against the
 /// key columns returned by GetPrimaryKey.
 /// </summary>
 /// <param name="conn">Connection handed to GetPrimaryKey.</param>
 /// <param name="dbName">Database name handed to GetPrimaryKey.</param>
 /// <param name="query">Statement under validation.</param>
 /// <param name="errorString">Set to a short reason when validation fails.</param>
 /// <returns><c>true</c> when every enabled check passes; otherwise <c>false</c>.</returns>
 public static Boolean VerifyReplicationSQL(MySqlConnection conn, string dbName, QueryInfo query, ref string errorString)
 {
     // NOTE(review): the original listing carries a commented-out block here that
     // normalised single quotes (updateSingleQuote + UpdateReplicationSQL) and rejected
     // statements flagged by CheckSQLInjectionAttacks with "SQL injection attack detected".
     // With that block disabled, only the two checks below run - confirm that injection
     // screening happens elsewhere before relying on this method as a gate.

     bool shapeOk = CheckSQLSyntax(query);
     if (!shapeOk)
     {
         errorString = "Syntax error";
         return false;
     }

     // Only row-modifying statements need a key-qualified WHERE clause.
     bool needsKeyedWhere = query.CommandType == "Update" || query.CommandType == "Delete";
     if (!needsKeyedWhere)
     {
         return true;
     }

     string[] keyColumns = new string[0];
     // NOTE(review): any result or error reported by GetPrimaryKey is not checked here;
     // if the lookup fails, keyColumns may stay empty - verify CheckWhereClause rejects that.
     GetPrimaryKey(conn, dbName, query.ObjectName, ref keyColumns, ref errorString);

     if (CheckWhereClause(query.CommandString, keyColumns))
     {
         return true;
     }

     errorString = "Insufficent Key(s) in Where Clause";
     return false;
 }