MCPcopy Index your code
hub / github.com/sqlmapproject/sqlmap / escape

Method escape

plugins/dbms/postgresql/syntax.py:13–25  ·  view source on GitHub ↗

Note: PostgreSQL has a general problem with concenation operator (||) precedence (hence the parentheses enclosing) e.g. SELECT 1 WHERE 'a'!='a'||'b' will trigger error ("argument of WHERE must be type boolean, not type text") >>> Syntax.escape("SELECT 'abcdefgh' FROM

(expression, quote=True)

Source from the content-addressed store, hash-verified

11class Syntax(GenericSyntax):
12 @staticmethod
13 def escape(expression, quote=True):
14 """
15 Note: PostgreSQL has a general problem with concenation operator (||) precedence (hence the parentheses enclosing)
16 e.g. SELECT 1 WHERE 'a'!='a'||'b' will trigger error ("argument of WHERE must be type boolean, not type text")
17
18 >>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT (CHR(97)||CHR(98)||CHR(99)||CHR(100)||CHR(101)||CHR(102)||CHR(103)||CHR(104)) FROM foobar"
19 True
20 """
21
22 def escaper(value):
23 return "(%s)" % "||".join("CHR(%d)" % _ for _ in getOrds(value)) # Postgres CHR() function already accepts Unicode code point of character(s)
24
25 return Syntax._escape(expression, quote, escaper)

Callers

nothing calls this directly

Calls 1

_escapeMethod · 0.80

Tested by

no test coverage detected