MCPcopy Index your code
hub / github.com/sqlmapproject/sqlmap / _escape

Method _escape

plugins/generic/syntax.py:25–44  ·  view source on GitHub ↗
(expression, quote=True, escaper=None)

Source from the content-addressed store, hash-verified

23
24 @staticmethod
25 def _escape(expression, quote=True, escaper=None):
26 retVal = expression
27
28 if quote:
29 for item in re.findall(r"'[^']*'+", expression):
30 original = item[1:-1]
31 if original:
32 if Backend.isDbms(DBMS.SQLITE) and "X%s" % item in expression:
33 continue
34 if re.search(r"\[(SLEEPTIME|RAND)", original) is None: # e.g. '[SLEEPTIME]' marker
35 replacement = escaper(original) if not conf.noEscape else original
36
37 if replacement != original:
38 retVal = retVal.replace(item, replacement)
39 elif len(original) != len(getBytes(original)) and "n'%s'" % original not in retVal and Backend.getDbms() in (DBMS.MYSQL, DBMS.PGSQL, DBMS.ORACLE, DBMS.MSSQL):
40 retVal = retVal.replace("'%s'" % original, "n'%s'" % original)
41 else:
42 retVal = escaper(expression)
43
44 return retVal
45
46 @staticmethod
47 def escape(expression, quote=True):

Callers 15

escapeMethod · 0.80
escapeMethod · 0.80
escapeMethod · 0.80
escapeMethod · 0.80
escapeMethod · 0.80
escapeMethod · 0.80
escapeMethod · 0.80
escapeMethod · 0.80
escapeMethod · 0.80
escapeMethod · 0.80
escapeMethod · 0.80
escapeMethod · 0.80

Calls 5

getBytesFunction · 0.90
isDbmsMethod · 0.80
searchMethod · 0.45
replaceMethod · 0.45
getDbmsMethod · 0.45

Tested by

no test coverage detected