Asked by: Ashish Butola  Asked: 8/31/2021  Last edited by: Ashish Butola  Updated: 7/31/2022  Views: 809
How to check if any string contains SQL injection in Node
Q:
We have created APIs in Express. Our API receives a payload as userInput, but sometimes a user may send some SQL injection as userInput, like this:
User input
    OR 1=1
    OR 1=0
    OR x=x
    OR x=y
    OR 1=1#
    OR 1=0#
    OR x=x#
    OR x=y#
    OR 1=1-- 
    OR 1=0-- 
    OR x=x-- 
    OR x=y-- 
    OR 3409=3409 AND ('pytW' LIKE 'pytW
    OR 3409=3409 AND ('pytW' LIKE 'pytY
    HAVING 1=1
    HAVING 1=0
    HAVING 1=1#
    HAVING 1=0#
    HAVING 1=1-- 
    HAVING 1=0-- 
    AND 1=1
    AND 1=0
    AND 1=1-- 
    AND 1=0-- 
    AND 1=1#
    AND 1=0#
    AND 1=1 AND '%'='
    AND 1=0 AND '%'='
    AND 1083=1083 AND (1427=1427
    AND 7506=9091 AND (5913=5913
    AND 1083=1083 AND ('1427=1427
    AND 7506=9091 AND ('5913=5913
    AND 7300=7300 AND 'pKlZ'='pKlZ
    AND 7300=7300 AND 'pKlZ'='pKlY
    AND 7300=7300 AND ('pKlZ'='pKlZ
    AND 7300=7300 AND ('pKlZ'='pKlY
    AS INJECTX WHERE 1=1 AND 1=1
    AS INJECTX WHERE 1=1 AND 1=0
    AS INJECTX WHERE 1=1 AND 1=1#
    AS INJECTX WHERE 1=1 AND 1=0#
    AS INJECTX WHERE 1=1 AND 1=1--
    AS INJECTX WHERE 1=1 AND 1=0--
    WHERE 1=1 AND 1=1
    WHERE 1=1 AND 1=0
    WHERE 1=1 AND 1=1#
    WHERE 1=1 AND 1=0#
    WHERE 1=1 AND 1=1--
    WHERE 1=1 AND 1=0--
    ORDER BY 1-- 
    ORDER BY 2-- 
    ORDER BY 3-- 
    ORDER BY 4-- 
    ORDER BY 5-- 
    ORDER BY 6-- 
    ORDER BY 7-- 
    ORDER BY 8-- 
    ORDER BY 9-- 
    ORDER BY 10-- 
    ORDER BY 11-- 
    ORDER BY 12-- 
    ORDER BY 13-- 
    ORDER BY 14-- 
    ORDER BY 15-- 
    ORDER BY 16-- 
    ORDER BY 17-- 
    ORDER BY 18-- 
    ORDER BY 19-- 
    ORDER BY 20-- 
    ORDER BY 21-- 
    ORDER BY 22-- 
    ORDER BY 23-- 
    ORDER BY 24-- 
    ORDER BY 25-- 
    ORDER BY 26-- 
    ORDER BY 27-- 
    ORDER BY 28-- 
    ORDER BY 29-- 
    ORDER BY 30-- 
    ORDER BY 31337-- 
    ORDER BY 1#
    ORDER BY 2#
    ORDER BY 3#
    ORDER BY 4#
    ORDER BY 5#
    ORDER BY 6#
    ORDER BY 7#
    ORDER BY 8#
    ORDER BY 9#
    ORDER BY 10#
    ORDER BY 11#
    ORDER BY 12#
    ORDER BY 13#
    ORDER BY 14#
    ORDER BY 15#
    ORDER BY 16#
    ORDER BY 17#
    ORDER BY 18#
    ORDER BY 19#
    ORDER BY 20#
    ORDER BY 21#
    ORDER BY 22#
    ORDER BY 23#
    ORDER BY 24#
    ORDER BY 25#
    ORDER BY 26#
    ORDER BY 27#
    ORDER BY 28#
    ORDER BY 29#
    ORDER BY 30#
    ORDER BY 31337#
    ORDER BY 1
    ORDER BY 2
    ORDER BY 3
    ORDER BY 4
    ORDER BY 5
    ORDER BY 6
    ORDER BY 7
    ORDER BY 8
    ORDER BY 9
    ORDER BY 10
    ORDER BY 11
    ORDER BY 12
    ORDER BY 13
    ORDER BY 14
    ORDER BY 15
    ORDER BY 16
    ORDER BY 17
    ORDER BY 18
    ORDER BY 19
    ORDER BY 20
    ORDER BY 21
    ORDER BY 22
    ORDER BY 23
    ORDER BY 24
    ORDER BY 25
    ORDER BY 26
    ORDER BY 27
    ORDER BY 28
    ORDER BY 29
    ORDER BY 30
    ORDER BY 31337
    RLIKE (SELECT (CASE WHEN (4346=4346) THEN 0x61646d696e ELSE 0x28 END)) AND 'Txws'='
    RLIKE (SELECT (CASE WHEN (4346=4347) THEN 0x61646d696e ELSE 0x28 END)) AND 'Txws'='
    IF(7423=7424) SELECT 7423 ELSE DROP FUNCTION xcjl--
    IF(7423=7423) SELECT 7423 ELSE DROP FUNCTION xcjl--
    %' AND 8310=8310 AND '%'='
    %' AND 8310=8311 AND '%'='
    and (select substring(@@version,1,1))='X'
    and (select substring(@@version,1,1))='M'
    and (select substring(@@version,2,1))='i'
    and (select substring(@@version,2,1))='y'
    and (select substring(@@version,3,1))='c'
    and (select substring(@@version,3,1))='S'
    and (select substring(@@version,3,1))='X'
I want to check whether userInput is a SQL injection like the above; if it is, I want to stop such a request and not process it any further. How can I check whether a user has sent SQL injection as userInput to our API?
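An added example, not code from the original question and not an answer posted on the page: it runs a keyword-based detector of the kind the question asks for over a few constructed inputs, showing where it misses an attack and where it blocks legitimate text, and sets it beside a parameterized query, which keeps the payloads from being parsed as SQL no matter what they contain. The `users` table, the `name` column, the sample inputs and the regex list are all assumptions made for the demo; nothing here connects to a database, the query objects are only built in the `{ text, values }` shape node-postgres accepts.

```javascript
// Added example, not code from the original question. It contrasts the
// keyword "injection detector" the question asks for with the fix that
// actually removes the problem: parameterized queries. Nothing here talks
// to a database; queries are only built, in the { text, values } shape
// node-postgres accepts, and never executed.

// Inputs constructed for this demo: three payloads in the style of the
// question's list, one attack the list does not cover, and two benign
// values that a keyword filter handles badly.
const SAMPLE_INPUTS = [
  "' OR 1=1-- ",
  "' AND 1=1 AND '%'='",
  "x' and (select substring(@@version,1,1))='M",
  "1; DROP TABLE users",               // attack, no keyword from the list
  "O'Brien",                           // legitimate surname with a quote
  "Order by 1 means highest priority", // legitimate text with SQL words
];

// A blocklist in the spirit of the question, built from the tokens the
// payload list uses. Assumed patterns; they are both incomplete and
// over-eager, which is the point of the demo.
const INJECTION_PATTERNS = [
  /\b(or|and)\b\s+[\w']+\s*=\s*[\w']+/i, // OR 1=1, AND 'a'='a, AND x=y
  /\bhaving\b\s+\d+\s*=\s*\d+/i,         // HAVING 1=1
  /\border\s+by\s+\d+/i,                 // ORDER BY 31337
  /(--|#)\s*$/,                          // trailing SQL comment
  /\bselect\b[\s\S]*\bsubstring\s*\(/i,  // version fingerprinting
  /@@version/i,
];

function looksLikeInjection(input) {
  return INJECTION_PATTERNS.some((re) => re.test(input));
}

// Vulnerable: the value is spliced into the SQL text, so the database
// parses the payload as SQL. This is the bug a detector tries to paper over.
function buildQueryUnsafe(userInput) {
  return `SELECT id FROM users WHERE name = '${userInput}'`;
}

// Fixed: the SQL text is constant and the value travels out of band as a
// bind parameter, so no input can change the statement's structure.
// mysql2's execute() works the same way with '?' placeholders.
function buildQueryParameterized(userInput) {
  return {
    text: 'SELECT id FROM users WHERE name = $1',
    values: [userInput],
  };
}

// Summarize what each approach does with every sample input.
function report(inputs = SAMPLE_INPUTS) {
  return inputs.map((input) => ({
    input,
    flaggedByDetector: looksLikeInjection(input),
    unsafeSql: buildQueryUnsafe(input),
    parameterized: buildQueryParameterized(input),
  }));
}

for (const row of report()) {
  console.log(JSON.stringify(row, null, 2));
}
```

Run with `node`. The detector flags `Order by 1 means highest priority` (a false positive that would reject a harmless comment field) and misses `1; DROP TABLE users` (a false negative, since none of the listed tokens appear), while `buildQueryUnsafe` turns `' OR 1=1-- ` into a tautology and breaks outright on `O'Brien`. The parameterized form produces the same SQL text for every input, which is why drivers' bind parameters, not a blocklist, are the control to rely on.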