\.\./
\:\$
\$\{
(?i)(?:select.+(from|limit))
(?i)(?:(?:union(.*?)select))
(?i)(?:having|rongjitest)
(?i)(?:sleep\((\s*)(\d*)(\s*)\))
(?i)(?:benchmark\((.*)\,(.*)\))
(?i)(?:base64_decode\()
(?i)(?:(?:from\W+information_schema\W))
(?i)(?:(?:(?:current_)user|database|schema|connection_id)\s*\()
(?i)(?:(?:etc\/\W*passwd))
(?i)(?:into(\s+)+(?:dump|out)file\s*)
(?i)(?:group\s+by.+\()
(?i)(?:xwork.MethodAccessor)
(?i)(?:(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\w+|execute|echo|print|print_r|var_dump|(fp)open|alert|showmodaldialog)\()
(?i)(?:xwork\.MethodAccessor)
(?i)(?:(?:gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\:\/)
(?i)(?:java\.lang)
(?i)(?:\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\[)
(?i)(?:\<(?:iframe|script|body|img|layer|div|meta|style|base|object|input))
(?i)(?:(?:onmouseover|onerror|onload)\=)