sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-06-15 10:33:08 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor update of docu

Browse Source
This commit is contained in:
stamparm 2013-04-04 10:36:42 +02:00
parent 123f0de473
commit 57f89367a4
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Usage.md
View File

@ -651,13 +651,13 @@ In cases when sqlmap needs to invalidate original parameter value (e.g. `id=13`)
Switch: `--no-cast`
When retrieving results, sqlmap uses a mechanism where all entries are being casted to string type and replaced with a whitespace character in case of `NULL` values. That is being made to prevent any erroneous states (e.g. concatenation of `NULL` values with string values) and to easy the data retrieval process itself. Nevertheless, there are reported cases (e.g. older versions of MySQL DBMS) where this mechanism needed to be turned-off (using this switch) because of constant retrival of `None` values.
When retrieving results, sqlmap uses a mechanism where all entries are being casted to string type and replaced with a whitespace character in case of `NULL` values. That is being made to prevent any erroneous states (e.g. concatenation of `NULL` values with string values) and to easy the data retrieval process itself. Nevertheless, there are reported cases (e.g. older versions of MySQL DBMS) where this mechanism needed to be turned-off (using this switch) because of problems with data retrieval itself (e.g. `None` values are returned back).
### Turn off string escaping mechanism
Switch: `--no-escape`
In cases when sqlmap needs to use (single-quote delimited) string values inside payloads (e.g. `foobar`), those values are automatically being escaped (e.g. `CHAR(102)+CHAR(111)+CHAR(111)+CHAR(98)+CHAR(97)+CHAR(114)`). That is being done because of two things: obfuscation of payload content and preventing potential problems with query escaping mechanisms (e.g. `magic_quotes` and/or `mysql_real_escape_string`) at the backend server. User can use this switch to turn it off (e.g. to reduce payload size).
In cases when sqlmap needs to use (single-quote delimited) string values inside payloads (e.g. `SELECT 'foobar'`), those values are automatically being escaped (e.g. `SELECT CHAR(102)+CHAR(111)+CHAR(111)+CHAR(98)+CHAR(97)+CHAR(114)`). That is being done because of two things: obfuscation of payload content and preventing potential problems with query escaping mechanisms (e.g. `magic_quotes` and/or `mysql_real_escape_string`) at the backend server. User can use this switch to turn it off (e.g. to reduce payload size).
### Custom injection payload