Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158. This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).

Minor layout adjustments.
2026-01-23 14:49:03 +00:00 · 2010-03-26 23:23:25 +00:00
parent 4ca1adba2c
commit 1416cd0d86
32 changed files with 791 additions and 122 deletions
--- a/lib/core/dump.py
+++ b/lib/core/dump.py
@@ -92,7 +92,7 @@ class Dump:
            if isinstance(element, str):
                self.__write("[*] %s" % element)
            elif isinstance(element, (list, tuple, set)):
-                self.__write("[*] " + ", ".join(e for e in element))
+                self.__write("[*] " + ", ".join(str(e) for e in element))

        if elements:
            self.__write("")
@@ -321,11 +321,11 @@ class Dump:
                    info = tableValues[column]
                    value = info["values"][i]

-                    if re.search("^[\ *]*$", value):
+                    if re.search("^[\ *]*$", str(value)):
                        value = "NULL"

                    maxlength = int(info["length"])
-                    blank = " " * (maxlength - len(value))
+                    blank = " " * (maxlength - len(str(value)))
                    self.__write("| %s%s" % (value, blank), n=False)

                    if not conf.multipleTargets and field == fields: