mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 19:13:48 +03:00
Escaper
This commit is contained in:
parent
604694c0e5
commit
5b6c01d739
|
@ -16,18 +16,6 @@ class Syntax(GenericSyntax):
|
||||||
|
|
||||||
@staticmethod
|
@staticmethod
|
||||||
def escape(expression, quote=True):
|
def escape(expression, quote=True):
|
||||||
"""
|
|
||||||
TODO: Unsure of a method to escape. Perhaps RAWTOHEX/HEXTORAW functions?
|
|
||||||
>>> Syntax.escape("SELECT 'abcdefgh' FROM foobar")
|
|
||||||
'SELECT 'abcdefgh' FROM foobar'
|
|
||||||
"""
|
|
||||||
|
|
||||||
def escaper(value):
|
def escaper(value):
|
||||||
retVal = None
|
retVal = "||".join("CHAR(%d)" % ord(value[i]) for i in xrange(len(value)))
|
||||||
try:
|
|
||||||
retVal = "'%s'" % value
|
|
||||||
except UnicodeEncodeError:
|
|
||||||
retVal = "CONVERT(0x%s USING utf8)" % "".join("%.2x" % ord(_) for _ in utf8encode(value))
|
|
||||||
return retVal
|
return retVal
|
||||||
|
|
||||||
return Syntax._escape(expression, quote, escaper)
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user