test3


qqqq

/*
 * Pick the per-statement log file and take the mutex that guards it:
 * SELECT -> select.log, UPDATE -> update.log, anything else -> other_cmd.log.
 * The matching g_mutex_unlock() is not in this fragment; every path that
 * leaves the enclosing code must release the mutex taken here.
 * NOTE(review): snprintf() truncates silently if WORKDIR plus the file name
 * does not fit in MAX_NAME_SIZE, which would redirect the log to a different
 * path; confirm the sizes or check the return value.
 */
if (token->token_id == TK_SQL_SELECT) {
        snprintf(cmdfile, MAX_NAME_SIZE, "%s/%s", WORKDIR, "select.log");
        g_mutex_lock(rep->select_mutex);
} else if (token->token_id == TK_SQL_UPDATE) {
        snprintf(cmdfile, MAX_NAME_SIZE, "%s/%s", WORKDIR, "update.log");
        g_mutex_lock(rep->update_mutex);
} else {
        snprintf(cmdfile, MAX_NAME_SIZE, "%s/%s", WORKDIR, "other_cmd.log");
        g_mutex_lock(rep->other_cmd_mutex);
}

222

/*
 * DELETE guard: scan the token array from index 2 for a WHERE token and
 * return TRUE when the scan runs off the end without finding one.
 * NOTE(review): the test is "i == len", so a token array with fewer than
 * two entries is not reported; confirm that cannot reach this point.
 * NOTE(review): this only checks that a WHERE token is present, not what
 * the predicate matches, so it is a coarse filter rather than a row-level
 * safeguard.
 */
if (token->token_id == TK_SQL_DELETE) {
        i = 2;
        while (i < len) {
                token_tmp = tokens->pdata[i];
                if (token_tmp->token_id == TK_SQL_WHERE) {
                        break;
                }
                ++i;
        }
        if (i == len) {
                return TRUE;
        }
}
333

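/**
 * Rewrite a server error response in place so the client sees a fixed
 * message instead of the original error text.
 *
 * Layout used below: bytes 0-2 carry the payload length (little-endian),
 * byte 4 is the status marker (0xff for an error) and bytes 5-6 carry the
 * error code.
 *
 * @param packet  response packet; packet->data is modified in place.
 * @param inj     injection whose query text (minus its first byte) is
 *                logged and passed to send_abnormal_msg().
 * @return 0 when the packet is too short or is not an error packet. The
 *         remaining return paths lie beyond the excerpt shown on the page.
 */
int mysqlsee_delete_err_msg(network_packet *packet, injection *inj){
        uint8_t packet_status;
        uint16_t error_code = ER_INVALID_CHARACTER_STRING;
        int i;
        guint32 size;

        /*
         * The original read offset 4 and wrote offsets 5-6 without looking
         * at the length, so a short packet was accessed past its data.
         * Offsets 0..6 must exist before anything is touched.
         */
        if (packet->data->len < 7)
                return 0;

        packet_status = (uint8_t)packet->data->str[4];
        if (packet_status != 0xff)
                return 0;

        /*
         * Store the error code byte by byte in wire order. The original
         * wrote through a uint16_t pointer aimed at str + 5, which is an
         * unaligned, type-punned store and yields the wrong byte order on
         * a big-endian host.
         */
        packet->data->str[5] = error_code & 0xff;
        packet->data->str[6] = (error_code >> 8) & 0xff;

        /*
         * Keep the first 13 bytes, presumably header + marker + code +
         * '#' + 5-byte SQLSTATE (TODO confirm), and replace the message.
         * g_string_truncate() is a no-op when the packet is already shorter.
         */
        g_string_truncate (packet->data, 13);
        g_string_append(packet->data, "Invalid parameter, MYSQL is protected by SniperSQL from Grandhonor,please use it legally");

        /*
         * NOTE(review): the query text is client-controlled and goes into
         * the log verbatim; embedded newlines can forge log lines. The +1
         * assumes the query buffer holds at least one byte; confirm.
         */
        g_warning("return wrong result from cmd %s", (inj->query->str)+1);
        send_abnormal_msg((inj->query->str)+1);

        /* Re-encode the new payload length into the 3-byte header field. */
        size = packet->data->len - 4;
        for (i = 0; i < 3; i++) {
                packet->data->str[i] = size & 0xff;
                size >>= 8;
        }
        /* The page's excerpt ends here; the rest of the function is not shown. */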

444

/*
 * Append a normalised form of the token to rep->args: string, integer and
 * float literals collapse to the placeholders "STR", "INT" and "FLT", so
 * statements that differ only in literal values produce the same text.
 * Every other token is appended as written.
 */
g_string_append(rep->args,
                token_tmp->token_id == TK_STRING  ? "STR" :
                token_tmp->token_id == TK_INTEGER ? "INT" :
                token_tmp->token_id == TK_FLOAT   ? "FLT" :
                                                    token_tmp->text->str);
555

/*
 * SELECT, UPDATE and INSERT statements go through sql_mode_parse(); any
 * other statement is recorded as raw text, skipping the first byte of the
 * packet buffer.
 * NOTE(review): the raw branch keeps literal values in rep.args, unlike the
 * parsed branch, and relies on packets->str holding at least one byte and
 * being NUL-terminated; confirm both.
 */
if (token_tmp->token_id != TK_SQL_SELECT
    && token_tmp->token_id != TK_SQL_UPDATE
    && token_tmp->token_id != TK_SQL_INSERT) {
        g_string_append(rep.args, &(packets->str[1]));
} else {
        sql_mode_parse(&rep, tokens);
}
666

/*
 * Allocate an empty token array and tokenize the reassembled buffer into
 * it, passing the explicit length rather than relying on a terminator.
 * NOTE(review): any status reported by sql_tokenizer() is not inspected
 * here, and the array's release is outside this fragment; confirm both.
 */
GPtrArray *tokens;

tokens = sql_tokens_new();
sql_tokenizer(tokens, packets->str, packets->len);

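/*
 * Concatenate the payload of every queued chunk into `packets`, dropping
 * the NET_HEADER_SIZE-byte header from each. The loop stops at the first
 * index for which g_queue_peek_nth() returns NULL.
 */
for (i = 0; NULL != (packet = g_queue_peek_nth(recv_sock->recv_queue->chunks, i)); i++) {
        /*
         * A chunk shorter than the header would make the length argument
         * wrap; g_string_append_len() treats a negative length as "use
         * strlen()", so it would read from beyond the chunk's data. Such a
         * chunk carries no payload and is skipped.
         */
        if (packet->len < NET_HEADER_SIZE) {
                g_warning("chunk shorter than the packet header, skipped");
                continue;
        }
        g_string_append_len(packets, packet->str + NET_HEADER_SIZE, packet->len - NET_HEADER_SIZE);
}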


