Essentially, I'm working on a PHP-Based CMS and I'm looking to add an additional layer of security for the plugin infrastructure. Currently authors must secure their SQL clauses using traditional means, which is no problem.
The CMS accepts queries in separate parts, and the WHERE clause is one part. As an added layer of security, what I would like to do is, before the WHERE clause is added to the statement, for the system to do a quick regex check to ensure the clause is valid.
The WHERE clause already has its formula surrounded by brackets, so what I think would do it is simply ensuring...
There's an equal number of brackets outside of quotations
There are no hanging quotation marks
The first bracket is not a closing bracket
The last bracket is not an opening bracket
There are no comments
Remember, this is just an added layer in case a plugin author forgets his coffee and doesn't sanitize his inputs. Does this sound like a sane solution? And are there any regex statements that are similar to what I described? It's the one thing I'm terrible at.
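As an added example (not code from the question, which contains none): a PHP scanner that enforces the five checks listed above in a single pass rather than as one regex, because counting brackets that sit outside quotes is not something a regular expression handles well. It assumes standard SQL quoting (backslash escapes and doubled quotes inside a literal) and treats `--`, `#` and `/*` outside quotes as comment starts; the function name and error strings are my own.

```php
<?php
// Shape check on a WHERE clause before it is appended to the statement.
// Returns a list of problems; an empty array means every check passed.
// This is the "added layer" from the question, not a replacement for the
// plugin author escaping or parameterising values.
function validateWhereClause(string $where): array
{
    $errors = [];
    $quote = null;   // quote character while inside a string literal, else null
    $depth = 0;      // bracket nesting counted only outside quotes
    $first = null;   // first bracket seen outside quotes
    $last  = null;   // last bracket seen outside quotes
    $len = strlen($where);
    for ($i = 0; $i < $len; $i++) {
        $c = $where[$i];
        if ($quote !== null) {                      // inside a string literal
            if ($c === '\\') {
                $i++;                               // backslash escape: skip next char
            } elseif ($c === $quote) {
                if ($i + 1 < $len && $where[$i + 1] === $quote) {
                    $i++;                           // doubled quote stays in the literal
                } else {
                    $quote = null;                  // closing quote
                }
            }
            continue;
        }
        if ($c === "'" || $c === '"') {
            $quote = $c;
        } elseif ($c === '(' || $c === ')') {
            $first = $first ?? $c;
            $last = $c;
            $depth += ($c === '(') ? 1 : -1;
            if ($depth < 0) {
                $errors[] = "closing bracket at offset $i has no matching opening bracket";
                $depth = 0;                         // keep scanning for further problems
            }
        } elseif ($c === '#' || substr($where, $i, 2) === '--' || substr($where, $i, 2) === '/*') {
            $errors[] = "comment sequence at offset $i";
            break;
        }
    }
    if ($quote !== null) $errors[] = 'hanging quotation mark';
    if ($depth !== 0)    $errors[] = "$depth unclosed opening bracket(s)";
    if ($first === ')')  $errors[] = 'first bracket is a closing bracket';
    if ($last === '(')   $errors[] = 'last bracket is an opening bracket';
    return $errors;
}
var_dump(validateWhereClause("(status = 'active' AND (id > 5))")); // array(0) {} : passes
var_dump(validateWhereClause("(name = 'O''Brien' -- )"));          // comment, unclosed bracket
```

A clause that passes is only well-shaped, not safe: `(1 = 1)` satisfies all five rules, so the check catches broken or truncated clauses rather than proving the author's values were escaped.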