sqlmap/plugins/dbms/mssqlserver/syntax.py at master · getcode2git/sqlmap

24 lines (18 loc) · 759 Bytes

#!/usr/bin/env python

"""

See the file 'doc/COPYING' for copying permission

"""

from plugins.generic.syntax import Syntax as GenericSyntax

class Syntax(GenericSyntax):

def __init__(self):

GenericSyntax.__init__(self)

@staticmethod

def escape(expression, quote=True):

"""

>>> Syntax.escape("SELECT 'abcdefgh' FROM foobar")

'SELECT CHAR(97)+CHAR(98)+CHAR(99)+CHAR(100)+CHAR(101)+CHAR(102)+CHAR(103)+CHAR(104) FROM foobar'

"""

def escaper(value):

return "+".join("%s(%d)" % ("CHAR" if ord(value[i]) < 256 else "NCHAR", ord(value[i])) for i in xrange(len(value)))

return Syntax._escape(expression, quote, escaper)

Provide feedback