def unescape(expression, quote=True):
if isDBMSVersionAtLeast('2.1'):
if quote:
while True:
index = expression.find("'")
if index == -1:
break
firstIndex = index + 1
index = expression[firstIndex:].find("'")
if index == -1:
raise SqlmapSyntaxException("Unenclosed ' in '%s'" %
expression)
lastIndex = firstIndex + index
old = "'%s'" % expression[firstIndex:lastIndex]
unescaped = ""
for i in xrange(firstIndex, lastIndex):
unescaped += "ASCII_CHAR(%d)" % (ord(expression[i]))
if i < lastIndex - 1:
unescaped += "||"
expression = expression.replace(old, unescaped)
else:
unescaped = "".join("ASCII_CHAR(%d)||" % ord(c)
for c in expression)
if unescaped[-1] == "||":
unescaped = unescaped[:-1]
expression = unescaped
return expression
def unescape(expression, quote=True):
if isDBMSVersionAtLeast('2.1'):
if quote:
while True:
index = expression.find("'")
if index == -1:
break
firstIndex = index + 1
index = expression[firstIndex:].find("'")
if index == -1:
raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression
lastIndex = firstIndex + index
old = "'%s'" % expression[firstIndex:lastIndex]
unescaped = ""
for i in range(firstIndex, lastIndex):
unescaped += "ASCII_CHAR(%d)" % (ord(expression[i]))
if i < lastIndex - 1:
unescaped += "||"
expression = expression.replace(old, unescaped)
else:
unescaped = "".join("ASCII_CHAR(%d)||" % ord(c) for c in expression)
if unescaped[-1] == "||":
unescaped = unescaped[:-1]
expression = unescaped
return expression
def escape(expression, quote=True):
"""
>>> from lib.core.common import Backend
>>> Backend.setVersion('12.10')
['12.10']
>>> Syntax.escape("SELECT 'abcdefgh' FROM foobar")
'SELECT CHR(97)||CHR(98)||CHR(99)||CHR(100)||CHR(101)||CHR(102)||CHR(103)||CHR(104) FROM foobar'
"""
def escaper(value):
return "||".join("CHR(%d)" % ord(_) for _ in value)
retVal = expression
if isDBMSVersionAtLeast("11.70"):
excluded = {}
for _ in re.findall(r"DBINFO\([^)]+\)", expression):
excluded[_] = randomStr()
expression = expression.replace(_, excluded[_])
retVal = Syntax._escape(expression, quote, escaper)
for _ in excluded.items():
retVal = retVal.replace(_[1], _[0])
return retVal
def unescape(expression, quote=True):
if isDBMSVersionAtLeast('3'):
if quote:
expression = expression.replace("'", "''")
while True:
index = expression.find("''")
if index == -1:
break
firstIndex = index + 2
index = expression[firstIndex:].find("''")
if index == -1:
raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression.replace("''", "'")
lastIndex = firstIndex + index
old = "''%s''" % expression[firstIndex:lastIndex]
unescaped = ""
for i in xrange(firstIndex, lastIndex):
unescaped += "X'%x'" % ord(expression[i])
if i < lastIndex - 1:
unescaped += "||"
#unescaped += ")"
expression = expression.replace(old, unescaped)
expression = expression.replace("''", "'")
else:
expression = "||".join("X'%x" % ord(c) for c in expression)
return expression
def escape(expression, quote=True):
"""
>>> from lib.core.common import Backend
>>> Backend.setVersion('12.10')
['12.10']
>>> Syntax.escape("SELECT 'abcdefgh' FROM foobar")
'SELECT CHR(97)||CHR(98)||CHR(99)||CHR(100)||CHR(101)||CHR(102)||CHR(103)||CHR(104) FROM foobar'
"""
def escaper(value):
return "||".join("CHR(%d)" % ord(_) for _ in value)
retVal = expression
if isDBMSVersionAtLeast("11.70"):
excluded = {}
for _ in re.findall(r"DBINFO\([^)]+\)", expression):
excluded[_] = randomStr()
expression = expression.replace(_, excluded[_])
retVal = Syntax._escape(expression, quote, escaper)
for _ in excluded.items():
retVal = retVal.replace(_[1], _[0])
return retVal
def unescape(expression, quote=True):
if isDBMSVersionAtLeast('3'):
if quote:
expression = expression.replace("'", "''")
while True:
index = expression.find("''")
if index == -1:
break
firstIndex = index + 2
index = expression[firstIndex:].find("''")
if index == -1:
raise sqlmapSyntaxException, "Unenclosed ' in '%s'" % expression.replace(
"''", "'")
lastIndex = firstIndex + index
old = "''%s''" % expression[firstIndex:lastIndex]
unescaped = ""
for i in range(firstIndex, lastIndex):
unescaped += "X'%x'" % ord(expression[i])
if i < lastIndex - 1:
unescaped += "||"
#unescaped += ")"
expression = expression.replace(old, unescaped)
expression = expression.replace("''", "'")
else:
expression = "||".join("X'%x" % ord(c) for c in expression)
return expression
def escape(expression, quote=True):
def escaper(value):
return "CAST(X'%s' AS TEXT)" % binascii.hexlify(value)
retVal = expression
if isDBMSVersionAtLeast("3"):
retVal = Syntax._escape(expression, quote, escaper)
return retVal
def escape(expression, quote=True):
def escaper(value):
return "||".join("ASCII_CHAR(%d)" % ord(_) for _ in value)
retVal = expression
if isDBMSVersionAtLeast('2.1'):
retVal = Syntax._escape(expression, quote, escaper)
return retVal
def escape(expression, quote=True):
def escaper(value):
return "X'%s'" % binascii.hexlify(value)
retVal = expression
if isDBMSVersionAtLeast('3'):
retVal = Syntax._escape(expression, quote, escaper)
return retVal
def escape(expression, quote=True):
def escaper(value):
# Reference: http://stackoverflow.com/questions/3444335/how-do-i-quote-a-utf-8-string-literal-in-sqlite3
return "CAST(X'%s' AS TEXT)" % binascii.hexlify(value.encode(UNICODE_ENCODING) if isinstance(value, unicode) else value)
retVal = expression
if isDBMSVersionAtLeast('3'):
retVal = Syntax._escape(expression, quote, escaper)
return retVal
def nullAndCastField(self, field):
"""
Take in input a field string and return its processed nulled and
casted field string.
Examples:
MySQL input: VERSION()
MySQL output: IFNULL(CAST(VERSION() AS CHAR(10000)), ' ')
MySQL scope: VERSION()
PostgreSQL input: VERSION()
PostgreSQL output: COALESCE(CAST(VERSION() AS CHARACTER(10000)), ' ')
PostgreSQL scope: VERSION()
Oracle input: banner
Oracle output: NVL(CAST(banner AS VARCHAR(4000)), ' ')
Oracle scope: SELECT banner FROM v$version WHERE ROWNUM=1
Microsoft SQL Server input: @@VERSION
Microsoft SQL Server output: ISNULL(CAST(@@VERSION AS VARCHAR(8000)), ' ')
Microsoft SQL Server scope: @@VERSION
@param field: field string to be processed
@type field: C{str}
@return: field string nulled and casted
@rtype: C{str}
"""
nulledCastedField = field
if field:
rootQuery = queries[Backend.getIdentifiedDbms()]
if field.startswith("(CASE") or field.startswith(
"(IIF") or conf.noCast:
nulledCastedField = field
else:
if not (Backend.isDbms(DBMS.SQLITE)
and not isDBMSVersionAtLeast('3')):
nulledCastedField = rootQuery.cast.query % field
if Backend.getIdentifiedDbms() in (DBMS.ACCESS, ):
nulledCastedField = rootQuery.isnull.query % (
nulledCastedField, nulledCastedField)
else:
nulledCastedField = rootQuery.isnull.query % nulledCastedField
kb.binaryField = conf.binaryFields and field in conf.binaryFields.split(
',')
if conf.hexConvert or kb.binaryField:
nulledCastedField = self.hexConvertField(nulledCastedField)
return nulledCastedField
def escape(expression, quote=True):
unescaped = expression
if isDBMSVersionAtLeast('3'):
if quote:
for item in re.findall(r"'[^']+'", expression, re.S):
unescaped = unescaped.replace(item, "X'%s'" % binascii.hexlify(item.strip("'")))
else:
unescaped = "X'%s'" % binascii.hexlify(expression)
return unescaped
def unescape(expression, quote=True):
unescaped = expression
if isDBMSVersionAtLeast('3'):
if quote:
for item in re.findall(r"'[^']+'", expression, re.S):
unescaped = unescaped.replace(item, "X'%s'" % binascii.hexlify(item.strip("'")))
else:
unescaped = "X'%s'" % binascii.hexlify(expression)
return unescaped
def nullAndCastField(self, field):
"""
Take in input a field string and return its processed nulled and
casted field string.
Examples:
MySQL input: VERSION()
MySQL output: IFNULL(CAST(VERSION() AS CHAR(10000)), ' ')
MySQL scope: VERSION()
PostgreSQL input: VERSION()
PostgreSQL output: COALESCE(CAST(VERSION() AS CHARACTER(10000)), ' ')
PostgreSQL scope: VERSION()
Oracle input: banner
Oracle output: NVL(CAST(banner AS VARCHAR(4000)), ' ')
Oracle scope: SELECT banner FROM v$version WHERE ROWNUM=1
Microsoft SQL Server input: @@VERSION
Microsoft SQL Server output: ISNULL(CAST(@@VERSION AS VARCHAR(8000)), ' ')
Microsoft SQL Server scope: @@VERSION
@param field: field string to be processed
@type field: C{str}
@return: field string nulled and casted
@rtype: C{str}
"""
nulledCastedField = field
if field:
rootQuery = queries[Backend.getIdentifiedDbms()]
if field.startswith("(CASE") or field.startswith("(IIF") or conf.noCast:
nulledCastedField = field
else:
if not (Backend.isDbms(DBMS.SQLITE) and not isDBMSVersionAtLeast('3')):
nulledCastedField = rootQuery.cast.query % field
if Backend.getIdentifiedDbms() in (DBMS.ACCESS,):
nulledCastedField = rootQuery.isnull.query % (nulledCastedField, nulledCastedField)
else:
if rootQuery.isnull.query.count('%')==2:
nulledCastedField = rootQuery.isnull.query % (nulledCastedField,nulledCastedField)
else:
nulledCastedField = rootQuery.isnull.query % nulledCastedField
kb.binaryField = conf.binaryFields and field in conf.binaryFields.split(',')
if conf.hexConvert or kb.binaryField:
nulledCastedField = self.hexConvertField(nulledCastedField)
return nulledCastedField
def cleanupPayload(self, payload, origValue=None):
if payload is None:
return
replacements = (
("[DELIMITER_START]", kb.chars.start),
("[DELIMITER_STOP]", kb.chars.stop),
("[AT_REPLACE]", kb.chars.at),
("[SPACE_REPLACE]", kb.chars.space),
("[DOLLAR_REPLACE]", kb.chars.dollar),
("[HASH_REPLACE]", kb.chars.hash_),
("[GENERIC_SQL_COMMENT]", GENERIC_SQL_COMMENT)
)
payload = reduce(lambda x, y: x.replace(y[0], y[1]), replacements, payload)
for _ in set(re.findall(r"(?i)\[RANDNUM(?:\d+)?\]", payload)):
payload = payload.replace(_, str(randomInt()))
for _ in set(re.findall(r"(?i)\[RANDSTR(?:\d+)?\]", payload)):
payload = payload.replace(_, randomStr())
if origValue is not None:
origValue = getUnicode(origValue)
if "[ORIGVALUE]" in payload:
payload = getUnicode(payload).replace("[ORIGVALUE]", origValue if origValue.isdigit() else unescaper.escape("'%s'" % origValue))
if "[ORIGINAL]" in payload:
payload = getUnicode(payload).replace("[ORIGINAL]", origValue)
if INFERENCE_MARKER in payload:
if Backend.getIdentifiedDbms() is not None:
inference = queries[Backend.getIdentifiedDbms()].inference
if "dbms_version" in inference:
if isDBMSVersionAtLeast(inference.dbms_version):
inferenceQuery = inference.query
else:
inferenceQuery = inference.query2
else:
inferenceQuery = inference.query
payload = payload.replace(INFERENCE_MARKER, inferenceQuery)
elif not kb.testMode:
errMsg = "invalid usage of inference payload without "
errMsg += "knowledge of underlying DBMS"
raise SqlmapNoneDataException(errMsg)
return payload
def cleanupPayload(self, payload, origValue=None):
if payload is None:
return
replacements = (
("[DELIMITER_START]", kb.chars.start),
("[DELIMITER_STOP]", kb.chars.stop),
("[AT_REPLACE]", kb.chars.at),
("[SPACE_REPLACE]", kb.chars.space),
("[DOLLAR_REPLACE]", kb.chars.dollar),
("[HASH_REPLACE]", kb.chars.hash_),
("[GENERIC_SQL_COMMENT]", GENERIC_SQL_COMMENT)
)
payload = reduce(lambda x, y: x.replace(y[0], y[1]), replacements, payload)
for _ in set(re.findall(r"(?i)\[RANDNUM(?:\d+)?\]", payload)):
payload = payload.replace(_, str(randomInt()))
for _ in set(re.findall(r"(?i)\[RANDSTR(?:\d+)?\]", payload)):
payload = payload.replace(_, randomStr())
if origValue is not None:
origValue = getUnicode(origValue)
if "[ORIGVALUE]" in payload:
payload = getUnicode(payload).replace("[ORIGVALUE]", origValue if origValue.isdigit() else unescaper.escape("'%s'" % origValue))
if "[ORIGINAL]" in payload:
payload = getUnicode(payload).replace("[ORIGINAL]", origValue)
if INFERENCE_MARKER in payload:
if Backend.getIdentifiedDbms() is not None:
inference = queries[Backend.getIdentifiedDbms()].inference
if "dbms_version" in inference:
if isDBMSVersionAtLeast(inference.dbms_version):
inferenceQuery = inference.query
else:
inferenceQuery = inference.query2
else:
inferenceQuery = inference.query
payload = payload.replace(INFERENCE_MARKER, inferenceQuery)
elif not kb.testMode:
errMsg = "invalid usage of inference payload without "
errMsg += "knowledge of underlying DBMS"
raise SqlmapNoneDataException(errMsg)
return payload
def cleanupPayload(self, payload, origValue=None):
if payload is None:
return
randInt = randomInt()
randInt1 = randomInt()
randStr = randomStr()
randStr1 = randomStr()
payload = payload.replace("[RANDNUM]", str(randInt))
payload = payload.replace("[RANDNUM1]", str(randInt1))
payload = payload.replace("[RANDSTR]", randStr)
payload = payload.replace("[RANDSTR1]", randStr1)
payload = payload.replace("[DELIMITER_START]", kb.chars.start)
payload = payload.replace("[DELIMITER_STOP]", kb.chars.stop)
payload = payload.replace("[AT_REPLACE]", kb.chars.at)
payload = payload.replace("[SPACE_REPLACE]", kb.chars.space)
payload = payload.replace("[DOLLAR_REPLACE]", kb.chars.dollar)
payload = payload.replace("[SLEEPTIME]", str(conf.timeSec))
if origValue is not None:
payload = payload.replace("[ORIGVALUE]", origValue)
if "[INFERENCE]" in payload:
if Backend.getIdentifiedDbms() is not None:
inference = queries[Backend.getIdentifiedDbms()].inference
if "dbms_version" in inference:
if isDBMSVersionAtLeast(inference.dbms_version):
inferenceQuery = inference.query
else:
inferenceQuery = inference.query2
else:
inferenceQuery = inference.query
payload = payload.replace("[INFERENCE]", inferenceQuery)
else:
errMsg = "invalid usage of inference payload without "
errMsg += "knowledge of underlying DBMS"
raise sqlmapNoneDataException, errMsg
return payload
def cleanupPayload(self, payload, origValue=None):
if payload is None:
return
_ = (
("[DELIMITER_START]", kb.chars.start),
("[DELIMITER_STOP]", kb.chars.stop),
("[AT_REPLACE]", kb.chars.at),
("[SPACE_REPLACE]", kb.chars.space),
("[DOLLAR_REPLACE]", kb.chars.dollar),
("[HASH_REPLACE]", kb.chars.hash_),
)
payload = reduce(lambda x, y: x.replace(y[0], y[1]), _, payload)
for _ in set(re.findall(r"\[RANDNUM(?:\d+)?\]", payload, re.I)):
payload = payload.replace(_, str(randomInt()))
for _ in set(re.findall(r"\[RANDSTR(?:\d+)?\]", payload, re.I)):
payload = payload.replace(_, randomStr())
if origValue is not None:
payload = payload.replace("[ORIGVALUE]", origValue if origValue.isdigit() else "'%s'" % origValue)
if "[INFERENCE]" in payload:
if Backend.getIdentifiedDbms() is not None:
inference = queries[Backend.getIdentifiedDbms()].inference
if "dbms_version" in inference:
if isDBMSVersionAtLeast(inference.dbms_version):
inferenceQuery = inference.query
else:
inferenceQuery = inference.query2
else:
inferenceQuery = inference.query
payload = payload.replace("[INFERENCE]", inferenceQuery)
else:
errMsg = "invalid usage of inference payload without "
errMsg += "knowledge of underlying DBMS"
raise sqlmapNoneDataException, errMsg
return payload
def escape(expression, quote=True):
"""
>>> Backend.setVersion('2.0')
['2.0']
>>> Syntax.escape("SELECT 'abcdefgh' FROM foobar")
"SELECT 'abcdefgh' FROM foobar"
>>> Backend.setVersion('2.1')
['2.1']
>>> Syntax.escape("SELECT 'abcdefgh' FROM foobar")
'SELECT ASCII_CHAR(97)||ASCII_CHAR(98)||ASCII_CHAR(99)||ASCII_CHAR(100)||ASCII_CHAR(101)||ASCII_CHAR(102)||ASCII_CHAR(103)||ASCII_CHAR(104) FROM foobar'
"""
def escaper(value):
return "||".join("ASCII_CHAR(%d)" % ord(_) for _ in value)
retVal = expression
if isDBMSVersionAtLeast("2.1"):
retVal = Syntax._escape(expression, quote, escaper)
return retVal
def cleanupPayload(self, payload, origValue=None):
if payload is None:
return
_ = (
("[DELIMITER_START]", kb.chars.start), ("[DELIMITER_STOP]", kb.chars.stop),\
("[AT_REPLACE]", kb.chars.at), ("[SPACE_REPLACE]", kb.chars.space), ("[DOLLAR_REPLACE]", kb.chars.dollar),\
("[HASH_REPLACE]", kb.chars.hash_)
)
payload = reduce(lambda x, y: x.replace(y[0], y[1]), _, payload)
for _ in set(re.findall(r"\[RANDNUM(?:\d+)?\]", payload, re.I)):
payload = payload.replace(_, str(randomInt()))
for _ in set(re.findall(r"\[RANDSTR(?:\d+)?\]", payload, re.I)):
payload = payload.replace(_, randomStr())
if origValue is not None:
payload = payload.replace(
"[ORIGVALUE]",
origValue if origValue.isdigit() else "'%s'" % origValue)
if "[INFERENCE]" in payload:
if Backend.getIdentifiedDbms() is not None:
inference = queries[Backend.getIdentifiedDbms()].inference
if "dbms_version" in inference:
if isDBMSVersionAtLeast(inference.dbms_version):
inferenceQuery = inference.query
else:
inferenceQuery = inference.query2
else:
inferenceQuery = inference.query
payload = payload.replace("[INFERENCE]", inferenceQuery)
else:
errMsg = "invalid usage of inference payload without "
errMsg += "knowledge of underlying DBMS"
raise SqlmapNoneDataException, errMsg
return payload
def escape(expression, quote=True):
"""
>>> Backend.setVersion('2.0')
['2.0']
>>> Syntax.escape("SELECT 'abcdefgh' FROM foobar")
"SELECT 'abcdefgh' FROM foobar"
>>> Backend.setVersion('2.1')
['2.1']
>>> Syntax.escape("SELECT 'abcdefgh' FROM foobar")
'SELECT ASCII_CHAR(97)||ASCII_CHAR(98)||ASCII_CHAR(99)||ASCII_CHAR(100)||ASCII_CHAR(101)||ASCII_CHAR(102)||ASCII_CHAR(103)||ASCII_CHAR(104) FROM foobar'
"""
def escaper(value):
return "||".join("ASCII_CHAR(%d)" % ord(_) for _ in value)
retVal = expression
if isDBMSVersionAtLeast("2.1"):
retVal = Syntax._escape(expression, quote, escaper)
return retVal
def escape(expression, quote=True):
"""
>>> from lib.core.common import Backend
>>> Backend.setVersion('2.0')
['2.0']
>>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT 'abcdefgh' FROM foobar"
True
>>> Backend.setVersion('2.1')
['2.1']
>>> Syntax.escape("SELECT 'abcdefgh' FROM foobar") == "SELECT ASCII_CHAR(97)||ASCII_CHAR(98)||ASCII_CHAR(99)||ASCII_CHAR(100)||ASCII_CHAR(101)||ASCII_CHAR(102)||ASCII_CHAR(103)||ASCII_CHAR(104) FROM foobar"
True
"""
def escaper(value):
return "||".join("ASCII_CHAR(%d)" % _ for _ in getOrds(value))
retVal = expression
if isDBMSVersionAtLeast("2.1"):
retVal = Syntax._escape(expression, quote, escaper)
return retVal
def escape(expression, quote=True):
"""
>>> Backend.setVersion('2')
['2']
>>> Syntax.escape("SELECT 'abcdefgh' FROM foobar")
"SELECT 'abcdefgh' FROM foobar"
>>> Backend.setVersion('3')
['3']
>>> Syntax.escape("SELECT 'abcdefgh' FROM foobar")
"SELECT CAST(X'6162636465666768' AS TEXT) FROM foobar"
"""
def escaper(value):
# Reference: http://stackoverflow.com/questions/3444335/how-do-i-quote-a-utf-8-string-literal-in-sqlite3
return "CAST(X'%s' AS TEXT)" % binascii.hexlify(value.encode(UNICODE_ENCODING) if isinstance(value, unicode) else value)
retVal = expression
if isDBMSVersionAtLeast('3'):
retVal = Syntax._escape(expression, quote, escaper)
return retVal
def escape(expression, quote=True):
"""
>>> from lib.core.common import Backend
>>> Backend.setVersion('2')
['2']
>>> Syntax.escape("SELECT 'abcdefgh' FROM foobar")
"SELECT 'abcdefgh' FROM foobar"
>>> Backend.setVersion('3')
['3']
>>> Syntax.escape("SELECT 'abcdefgh' FROM foobar")
"SELECT CAST(X'6162636465666768' AS TEXT) FROM foobar"
"""
def escaper(value):
# Reference: http://stackoverflow.com/questions/3444335/how-do-i-quote-a-utf-8-string-literal-in-sqlite3
return "CAST(X'%s' AS TEXT)" % binascii.hexlify(getBytes(value))
retVal = expression
if isDBMSVersionAtLeast('3'):
retVal = Syntax._escape(expression, quote, escaper)
return retVal
def escape(expression, quote=True):
"""
>>> from lib.core.common import Backend
>>> Backend.setVersion('2')
['2']
>>> Syntax.escape("SELECT 'abcdefgh' FROM foobar")
"SELECT 'abcdefgh' FROM foobar"
>>> Backend.setVersion('3')
['3']
>>> Syntax.escape("SELECT 'abcdefgh' FROM foobar")
"SELECT CAST(X'6162636465666768' AS TEXT) FROM foobar"
"""
def escaper(value):
# Reference: http://stackoverflow.com/questions/3444335/how-do-i-quote-a-utf-8-string-literal-in-sqlite3
return "CAST(X'%s' AS TEXT)" % binascii.hexlify(getBytes(value))
retVal = expression
if isDBMSVersionAtLeast('3'):
retVal = Syntax._escape(expression, quote, escaper)
return retVal
def escape(expression, quote=True):
"""
>>> Backend.setVersion('2')
['2']
>>> Syntax.escape("SELECT 'abcdefgh' FROM foobar")
"SELECT 'abcdefgh' FROM foobar"
>>> Backend.setVersion('3')
['3']
>>> Syntax.escape("SELECT 'abcdefgh' FROM foobar")
"SELECT CAST(X'6162636465666768' AS TEXT) FROM foobar"
"""
def escaper(value):
# Reference: http://stackoverflow.com/questions/3444335/how-do-i-quote-a-utf-8-string-literal-in-sqlite3
return "CAST(X'%s' AS TEXT)" % binascii.hexlify(
value.encode(UNICODE_ENCODING) if isinstance(value, unicode
) else value)
retVal = expression
if isDBMSVersionAtLeast('3'):
retVal = Syntax._escape(expression, quote, escaper)
return retVal
