2019-05-08 13:47:52 +03:00
#!/usr/bin/env python
2010-03-23 01:57:57 +03:00
"""
2020-12-31 13:46:27 +03:00
Copyright ( c ) 2006 - 2021 sqlmap developers ( http : / / sqlmap . org / )
2017-10-11 15:50:46 +03:00
See the file ' LICENSE ' for copying permission
2010-03-23 01:57:57 +03:00
"""
2019-05-03 14:20:15 +03:00
from lib . core . convert import getOrds
2019-06-04 15:44:06 +03:00
from plugins . generic . syntax import Syntax as GenericSyntax
2010-03-23 01:57:57 +03:00
class Syntax ( GenericSyntax ) :
@staticmethod
2013-01-18 18:40:37 +04:00
def escape ( expression , quote = True ) :
2013-03-11 17:58:05 +04:00
"""
2019-05-02 13:39:16 +03:00
>> > Syntax . escape ( " SELECT ' abcdefgh ' FROM foobar " ) == " SELECT CHAR(97)+CHAR(98)+CHAR(99)+CHAR(100)+CHAR(101)+CHAR(102)+CHAR(103)+CHAR(104) FROM foobar "
True
>> > Syntax . escape ( u " SELECT ' abcd \xeb fgh ' FROM foobar " ) == " SELECT CHAR(97)+CHAR(98)+CHAR(99)+CHAR(100)+NCHAR(235)+CHAR(102)+CHAR(103)+CHAR(104) FROM foobar "
True
2013-03-11 17:58:05 +04:00
"""
2013-01-20 16:45:58 +04:00
def escaper ( value ) :
2019-05-02 13:39:16 +03:00
return " + " . join ( " %s ( %d ) " % ( " CHAR " if _ < 128 else " NCHAR " , _ ) for _ in getOrds ( value ) )
2010-03-23 01:57:57 +03:00
2013-01-20 16:45:58 +04:00
return Syntax . _escape ( expression , quote , escaper )