minor improvement

lib/parse/cmdline.py

@@ -141,7 +141,7 @@ def cmdLineParser():
                            help="Test requests between two visits to a given safe url")
 
         request.add_option("--eval", dest="evalCode",
-                           help="Evaluate provided Python code before the request (e.g. \"import hashlib;id2=hashlib.md5(str(id)).hexdigest()\")")
+                           help="Evaluate provided Python code before the request (e.g. \"import hashlib;id2=hashlib.md5(id).hexdigest()\")")
 
         # Optimization options
         optimization = OptionGroup(parser, "Optimization", "These "

lib/request/connect.py

@@ -605,13 +605,15 @@ class Connect:
                             cookie = _randomizeParameter(cookie, randomParameter)
 
         if conf.evalCode:
+            delimiter = conf.pDel or "&"
             variables = {}
             originals = {}
 
-            if get:
+            for item in filter(None, (get, post)):
-                executeCode(get.replace("&", ";"), variables)
+                for part in item.split(delimiter):
-            if post:
+                    if '=' in part:
-                executeCode(post.replace("&", ";"), variables)
+                        name, value = part.split('=', 1)
+                        executeCode("%s='%s'" % (name, value), variables)
 
             originals.update(variables)
             executeCode(conf.evalCode, variables)
@@ -621,13 +623,13 @@ class Connect:
                     if isinstance(value, (basestring, int)):
                         value = unicode(value)
                         if '%s=' % name in (get or ""):
-                            get = re.sub("(%s=)([^&]+)" % name, "\g<1>%s" % value, get)
+                            get = re.sub("((\A|\W)%s=)([^%s]+)" % (name, delimiter), "\g<1>%s" % value, get)
                         elif '%s=' % name in (post or ""):
-                            post = re.sub("(%s=)([^&]+)" % name, "\g<1>%s" % value, post)
+                            post = re.sub("((\A|\W)%s=)([^%s]+)" % (name, delimiter), "\g<1>%s" % value, post)
                         elif post:
-                            post += "&%s=%s" % (name, value)
+                            post += "%s%s=%s" % (delimiter, name, value)
                         else:
-                            get += "&%s=%s" % (name, value)
+                            get += "%s%s=%s" % (delimiter, name, value)
                 
         get = urlencode(get, limit=True)
         if post and place != PLACE.POST and hasattr(post, UNENCODED_ORIGINAL_VALUE):

sqlmap.conf

@@ -131,7 +131,7 @@ safUrl =
 saFreq = 0
 
 # Evaluate provided Python code before the request
-# Example: import hashlib;id2=hashlib.md5(str(id)).hexdigest()
+# Example: import hashlib;id2=hashlib.md5(id).hexdigest()
 evalCode =