(expression, quote=True, escaper=None)
| 23 | |
| 24 | @staticmethod |
| 25 | def _escape(expression, quote=True, escaper=None): |
| 26 | retVal = expression |
| 27 | |
| 28 | if quote: |
| 29 | for item in re.findall(r"'[^']*'+", expression): |
| 30 | original = item[1:-1] |
| 31 | if original: |
| 32 | if Backend.isDbms(DBMS.SQLITE) and "X%s" % item in expression: |
| 33 | continue |
| 34 | if re.search(r"\[(SLEEPTIME|RAND)", original) is None: # e.g. '[SLEEPTIME]' marker |
| 35 | replacement = escaper(original) if not conf.noEscape else original |
| 36 | |
| 37 | if replacement != original: |
| 38 | retVal = retVal.replace(item, replacement) |
| 39 | elif len(original) != len(getBytes(original)) and "n'%s'" % original not in retVal and Backend.getDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.ORACLE, DBMS.MSSQL): |
| 40 | retVal = retVal.replace("'%s'" % original, "n'%s'" % original) |
| 41 | else: |
| 42 | retVal = escaper(expression) |
| 43 | |
| 44 | return retVal |
| 45 | |
| 46 | @staticmethod |
| 47 | def escape(expression, quote=True): |
no test coverage detected