module Ronin::SQL

Provides a Domain Specific Language (DSL) for crafting complex SQL (see StatementList) and SQL injections (SQLi; see Injection).

@see en.wikipedia.org/wiki/SQL_injection

Constants

VERSION

Ronin SQL version

Public Instance Methods

sql(&block)

Creates a new SQL statement list.

@yield [(statements)]

If a block is given, it will be evaluated within the statement list.
If the block accepts an argument, the block will be called with the
new statement list.

@yieldparam [StatementList] statements

The new statement list.

@return [StatementList]

The new SQL statement list.

@example

sql { select(1,2,3,4,id).from(users) }
# => #<Ronin::SQL::StatementList: SELECT (1,2,3,4,id) FROM users>

@api public

# File lib/ronin/sql/sql.rb, line 55
def sql(&block)
  StatementList.new(&block)
end

sqli(options={},&block)

Creates a new SQL injection (SQLi).

@param [Hash] options

Additional injection options.

@option options [:integer, :decimal, :string, :column] :escape

The type of element to escape out of.

@option options [Boolean] :terminate

Specifies whether to terminate the SQLi with a comment.

@option options [String, Symbol, Integer] :place_holder

Place-holder data.

@yield [(injection)]

If a block is given, it will be evaluated within the injection.
If the block accepts an argument, the block will be called with the
new injection.

@yieldparam [Injection] injection

The new injection.

@return [Injection]

The new SQL injection.

@example

sqli { self.and { 1 == 1 }.select(1,2,3,4,id).from(users) }
# => #<Ronin::SQL::Injection: 1 AND 1=1; SELECT (1,2,3,4,id) FROM users; SELECT (1,2,3,4,id) FROM users>

@api public

# File lib/ronin/sql/sql.rb, line 91
def sqli(options={},&block)
  Injection.new(options,&block)
end
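
Defender-side counterpart to the four `:escape` element types documented above, as an added example that is not part of Ronin::SQL: each context gets its own coercion, so untrusted input can never change the structure of the statement. The `users` table, the column allow-list and the helper names `bind_for` and `user_lookup` are assumptions made for illustration.

```ruby
# Added example, not Ronin::SQL code. Table, columns and helper names are assumed.
ALLOWED_COLUMNS = %w[id name email].freeze

class RejectedInput < ArgumentError; end

# Coerce one untrusted value for one of the four contexts listed under :escape.
# Returns [sql_fragment, bind_values]; the fragment never contains the raw value
# except for an allow-listed column name.
def bind_for(context, raw)
  value = raw.to_s
  case context
  when :integer
    raise RejectedInput, 'not an integer' unless value.match?(/\A-?\d{1,18}\z/)
    ['?', [Integer(value, 10)]]
  when :decimal
    raise RejectedInput, 'not a decimal' unless value.match?(/\A-?\d{1,15}(\.\d{1,9})?\z/)
    ['?', [Float(value)]]
  when :string
    # Any content is acceptable because the driver sends it as data, not SQL.
    ['?', [value]]
  when :column
    # Identifiers cannot be bound, so only exact allow-list matches pass.
    raise RejectedInput, 'unknown column' unless ALLOWED_COLUMNS.include?(value)
    [%("#{value}"), []]
  else
    raise ArgumentError, "unknown context: #{context.inspect}"
  end
end

# Build a parameterized lookup; returns [sql, binds] for a driver's prepare/execute.
def user_lookup(id:, name:, order_by:)
  id_sql, id_binds = bind_for(:integer, id)
  name_sql, name_binds = bind_for(:string, name)
  column_sql, = bind_for(:column, order_by)
  sql = "SELECT id, name FROM users WHERE id = #{id_sql} " \
        "AND name = #{name_sql} ORDER BY #{column_sql}"
  [sql, id_binds + name_binds]
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs; the second id is the payload text from the sqli example output.
  p user_lookup(id: '42', name: "o'brien", order_by: 'name')
  begin
    user_lookup(id: '1 AND 1=1; SELECT (1,2,3,4,id) FROM users', name: 'x', order_by: 'id')
  rescue RejectedInput => e
    puts "rejected: #{e.message}"
  end
end
```

The returned pair is meant to be handed to a database driver's prepared-statement call; only the `:column` context places input in the SQL text, and only after an exact allow-list match.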