sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-11-04 09:57:38 +03:00
Code Issues Packages Projects Releases Wiki Activity

Proper escaping for SQL identificators in Oracle (also, revert for 9b5f33560b)

Browse Source
This commit is contained in:
Miroslav Stampar 2013-02-18 15:18:53 +01:00
parent f817105db3
commit 7f293afe74
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/core/common.py
View File

@ -2820,6 +2820,8 @@ def safeSQLIdentificatorNaming(name, isTable=False):
retVal = "`%s`" % retVal.strip("`")
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2):
retVal = "\"%s\"" % retVal.strip("\"")
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE,):
retVal = "\"%s\"" % retVal.strip("\"").upper()
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL,):
retVal = "[%s]" % retVal.strip("[]")
@ -2838,8 +2840,10 @@ def unsafeSQLIdentificatorNaming(name):
if isinstance(name, basestring):
if Backend.getIdentifiedDbms() in (DBMS.MYSQL, DBMS.ACCESS):
retVal = name.replace("`", "")
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.PGSQL, DBMS.DB2):
elif Backend.getIdentifiedDbms() in (DBMS.PGSQL, DBMS.DB2):
retVal = name.replace("\"", "")
elif Backend.getIdentifiedDbms() in (DBMS.ORACLE,):
retVal = name.replace("\"", "").upper()
elif Backend.getIdentifiedDbms() in (DBMS.MSSQL,):
retVal = name.replace("[", "").replace("]", "")