You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
e.g. SELECT 1 WHERE 'a'!='a'||'b' will trigger error ("argument of WHERE must be type boolean, not type text")
20
19
"""
21
20
22
-
ifquote:
23
-
whileTrue:
24
-
index=expression.find("'")
25
-
ifindex==-1:
26
-
break
21
+
defescaper(value):
22
+
return"(%s)"%"||".join("CHR(%d)"%ord(_) for_invalue) # Postgres CHR() function already accepts Unicode code point of character(s)
27
23
28
-
firstIndex=index+1
29
-
index=expression[firstIndex:].find("'")
30
-
31
-
ifindex==-1:
32
-
raiseSqlmapSyntaxException("Unenclosed ' in '%s'"%expression)
33
-
34
-
lastIndex=firstIndex+index
35
-
old="'%s'"%expression[firstIndex:lastIndex]
36
-
unescaped="(%s)"%"||".join("CHR(%d)"% (ord(expression[i])) foriinxrange(firstIndex, lastIndex)) # Postgres CHR() function already accepts Unicode code point of character(s)
0 commit comments