Parse the values and field names in the WHERE clause

Parse the values and field names in a WHERE/HAVING clause, or check that the user has specified particular columns in the WHERE clause. This information can be used to build a parameterized query, which helps protect against or detect SQL injection.

The sample SQL statement to be parsed is:

SELECT firstname
FROM   Clients
WHERE  State = "CA"
       AND City = "Hollywood" 

The result you may want to achieve is similar to this:

column: State
Operator: =
value: "CA"

column: City
Operator: =
value: "Hollywood"
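
The extraction above, and the parameterized query it enables, can be sketched as follows. This is an added example, not the C# or Java demo and not the product's parser. It assumes a deliberately small grammar (column, operator, literal, joined by AND); the names parameterize, tokenize and SAMPLE are hypothetical.

```python
import re

# Deliberately small grammar: column <op> literal [AND ...]. Anything else
# (OR, comments, ';', sub-queries) is rejected, so the parse fails closed.
TOKEN = re.compile(r"""\s*(?:(?P<str>"(?:[^"]|"")*"|'(?:[^']|'')*')
    |(?P<num>\d+(?:\.\d+)?)|(?P<op><=|>=|<>|!=|=|<|>)
    |(?P<id>[A-Za-z_][A-Za-z0-9_.]*))""", re.X)

# Constructed sample input, modeled on the statement shown on this page.
SAMPLE = 'SELECT firstname FROM Clients WHERE State = "CA" AND City = "Hollywood"'

def tokenize(text):
    text, pos, out = text.rstrip(), 0, []
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"unsupported input at offset {pos}")
        out.append((m.lastgroup, m.group(m.lastgroup)))
        pos = m.end()
    return out

def parameterize(sql, allowed_columns):
    """Return (sql_with_placeholders, conditions, params)."""
    pieces = re.split(r"\bWHERE\b", sql, maxsplit=1, flags=re.I)
    if len(pieces) != 2:
        raise ValueError("no WHERE clause")
    toks, conds, params, i = tokenize(pieces[1]), [], [], 0
    while True:
        kinds = [k for k, _ in toks[i:i + 3]]
        if kinds not in (["id", "op", "str"], ["id", "op", "num"]):
            raise ValueError("expected: column operator literal")
        col, op, raw = (v for _, v in toks[i:i + 3])
        if col not in allowed_columns:  # column allowlist check
            raise ValueError(f"column not allowed: {col}")
        if kinds[2] == "str":  # strip quotes, undo doubled-quote escaping
            params.append(raw[1:-1].replace(raw[0] * 2, raw[0]))
        else:
            params.append(float(raw) if "." in raw else int(raw))
        conds.append((col, op, raw))
        i += 3
        if i == len(toks):
            break
        if (toks[i][0], toks[i][1].upper()) != ("id", "AND"):
            raise ValueError("only AND between conditions is supported")
        i += 1
    where = " AND ".join(f"{c} {o} ?" for c, o, _ in conds)
    return pieces[0] + "WHERE " + where, conds, params
```

The returned statement and parameter list can be passed together to a driver that uses `?` placeholders, so the literal values never re-enter the SQL text.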

Download this demo: C# demo, Java demo