Refactoring DBMS string escaping functions

2025-12-06 12:41:30 +00:00 · 2013-01-20 13:45:58 +01:00
parent 3b57fe2924
commit b4a55a809e
12 changed files with 52 additions and 206 deletions
--- a/plugins/generic/syntax.py
+++ b/plugins/generic/syntax.py
@@ -5,6 +5,8 @@ Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
 See the file 'doc/COPYING' for copying permission
 """

+import re
+
 from lib.core.exception import SqlmapUndefinedMethod

 class Syntax:
@@ -15,6 +17,18 @@ class Syntax:
    def __init__(self):
        pass

+    @staticmethod
+    def _escape(expression, quote=True, escaper=None):
+        retVal = expression
+
+        if quote:
+            for item in re.findall(r"'[^']+'", expression, re.S):
+                retVal = retVal.replace(item, escaper(item[1:-1]))
+        else:
+            retVal = escaper(expression)
+
+        return retVal
+
    @staticmethod
    def escape(expression, quote=True):
        errMsg = "'escape' method must be defined "