Supporting Analysis of SQL Queries in PHP AiR

Jun 14, 2023·

Mark Hills

· 0 min read

PDF

Abstract

The code behind dynamic webpages often includes calls to database libraries, with queries formed using a combination of static text and values computed at runtime. In this presentation, I describe our work on a program analysis for extracting models of database queries that can compactly represent all queries that could be used in a specific database library call. I also describe our work on parsing partial queries, with holes representing parts of the query that are computed dynamically. Implemented in Rascal as part of the PHP AiR framework, the goal of this work is to enable empirical research on database usage in PHP scripts, to support developer tools for understanding existing queries, and to support program transformation tools to evolve existing systems and to improve the security of existing code.

Event

CWI Programming Environment Meeting (PEM) Colloquium

Location

CWI, Amsterdam, The Netherlands

Last updated on Jun 14, 2023

Authors

Mark Hills

Associate Professor

← Enabling Go Program Analysis in Rascal Oct 3, 2023

Introducing DevOps Techniques in a Software Construction Class Nov 11, 2020 →