MCPcopy Index your code
hub / github.com/sqlmapproject/sqlmap / escape

Method escape

plugins/dbms/mysql/syntax.py:17–31  ·  view source on GitHub ↗

>>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT 0x6162636465666768 FROM foobar" True >>> Syntax.escape(u"SELECT 'abcd\xebfgh' FROM foobar") == "SELECT CONVERT(0x61626364c3ab666768 USING utf8) FROM foobar" True

(expression, quote=True)

Source from the content-addressed store, hash-verified

15class Syntax(GenericSyntax):
16 @staticmethod
17 def escape(expression, quote=True):
18 """
19 >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT 0x6162636465666768 FROM foobar"
20 True
21 >>> Syntax.escape(u"SELECT 'abcd\xebfgh' FROM foobar") == "SELECT CONVERT(0x61626364c3ab666768 USING utf8) FROM foobar"
22 True
23 """
24
25 def escaper(value):
26 if all(_ < 128 for _ in getOrds(value)):
27 return "0x%s" % getUnicode(binascii.hexlify(getBytes(value)))
28 else:
29 return "CONVERT(0x%s USING utf8)" % getUnicode(binascii.hexlify(getBytes(value, "utf8")))
30
31 return Syntax._escape(expression, quote, escaper)

Callers

nothing calls this directly

Calls 1

_escapeMethod · 0.80

Tested by

no test coverage detected