sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Escaper

Browse Source
This commit is contained in:
Meatballs 2013-06-24 23:41:45 +01:00
parent 604694c0e5
commit 5b6c01d739
1 changed files with 1 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
plugins/dbms/hsql/syntax.py
View File

@ -16,18 +16,6 @@ class Syntax(GenericSyntax):
@staticmethod @staticmethod
def escape(expression, quote=True): def escape(expression, quote=True):
"""
TODO: Unsure of a method to escape. Perhaps RAWTOHEX/HEXTORAW functions?
>>> Syntax.escape("SELECT 'abcdefgh' FROM foobar")
'SELECT 'abcdefgh' FROM foobar'
"""
def escaper(value): def escaper(value):
retVal = None retVal = "||".join("CHAR(%d)" % ord(value[i]) for i in xrange(len(value)))
try:
retVal = "'%s'" % value
except UnicodeEncodeError:
retVal = "CONVERT(0x%s USING utf8)" % "".join("%.2x" % ord(_) for _ in utf8encode(value))
return retVal return retVal
return Syntax._escape(expression, quote, escaper)