GSam
diff --git a/Collapse file
‎doc/ChangeLog‎
Copy file name to clipboardExpand all lines: doc/ChangeLog
+1-1Lines changed: 1 addition & 1 deletion b/Collapse file
‎doc/ChangeLog‎
Copy file name to clipboardExpand all lines: doc/ChangeLog
+1-1Lines changed: 1 addition & 1 deletion
diff --git a/Collapse file
‎doc/README.html‎
Copy file name to clipboardExpand all lines: doc/README.html
+17-6Lines changed: 17 additions & 6 deletions b/Collapse file
‎doc/README.html‎
Copy file name to clipboardExpand all lines: doc/README.html
+17-6Lines changed: 17 additions & 6 deletions
diff --git a/Collapse file
‎doc/README.pdf‎
Copy file name to clipboard
713 Bytes b/Collapse file
‎doc/README.pdf‎
Copy file name to clipboard
713 Bytes
diff --git a/Collapse file
‎doc/README.sgml‎
Copy file name to clipboardExpand all lines: doc/README.sgml
+18-6Lines changed: 18 additions & 6 deletions b/Collapse file
‎doc/README.sgml‎
Copy file name to clipboardExpand all lines: doc/README.sgml
+18-6Lines changed: 18 additions & 6 deletions
diff --git a/Collapse file
‎lib/core/settings.py‎
Copy file name to clipboardExpand all lines: lib/core/settings.py
+1-1Lines changed: 1 addition & 1 deletion b/Collapse file
‎lib/core/settings.py‎
Copy file name to clipboardExpand all lines: lib/core/settings.py
+1-1Lines changed: 1 addition & 1 deletion
@@ -27,7 +27,7 @@ sqlmap (0.6.4-1) stable; urgency=low
     provided;
   * Updated documentation.
 
- -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Day, DD MMM 2009 10:00:00 +0000
+ -- Bernardo Damele A. G. <bernardo.damele@gmail.com>  Tue,  3 Feb 2009 23:30:00 +0000
 
 sqlmap (0.6.3-1) stable; urgency=low
 
 
@@ -8,7 +8,7 @@
 <H1>sqlmap user's manual</H1>
 
 <H2>by 
-<A HREF="mailto:bernardo.damele@gmail.com">Bernardo Damele A. G.</A></H2>version 0.6.4, DDth of MMM 2009
+<A HREF="mailto:bernardo.damele@gmail.com">Bernardo Damele A. G.</A></H2>version 0.6.4, 3rd of February 2009
 <HR>
 <EM>This document is the user's manual to use 
 <A HREF="http://sqlmap.sourceforge.net">sqlmap</A>.
@@ -407,7 +407,7 @@ <H2><A NAME="s5">5.</A> <A HREF="#toc5">Usage</A></H2>
 
     sqlmap/0.6.4 coded by Bernardo Damele A. G. &lt;bernardo.damele@gmail.com>
                       and Daniele Bellucci &lt;daniele.bellucci@gmail.com>
-
+    
 Usage: sqlmap.py [options]
 
 Options:
@@ -3801,28 +3801,39 @@ <H3>Run your own SQL statement</H3>
 sql> SELECT COUNT(name) FROM users
 [10:11:57] [INFO] fetching SQL SELECT statement query output: 'SELECT COUNT(name) FROM users'
 [10:11:57] [INPUT] can the SQL query provided return multiple entries? [Y/n] n
-[10:11:59] [INFO] query: SELECT COALESCE(CAST(COUNT(name) AS CHARACTER(10000)), CHR(32)) FROM users
+[10:11:59] [INFO] query: SELECT COALESCE(CAST(COUNT(name) AS CHARACTER(10000)), CHR(32)) 
+FROM users
 [10:11:59] [INFO] retrieved: 4
 [10:11:59] [INFO] performed 13 queries in 0 seconds
 SELECT COUNT(name) FROM users:    '4'
 
 sql> INSERT INTO users (id, name, surname) VALUES (5, 'from', 'sql shell');
 [10:12:35] [INFO] testing stacked queries support on parameter 'id'
 [10:12:40] [INFO] the web application supports stacked queries on parameter 'id'
-[10:12:40] [INFO] executing SQL data manipulation query: 'INSERT INTO users (id, name, surname) VALUES (5, 'from', 'sql shell');'
+[10:12:40] [INFO] executing SQL data manipulation query: 'INSERT INTO users (id, name, surname) 
+VALUES (5, 'from', 'sql shell');'
 [10:12:40] [INFO] done
 sql> SELECT COUNT(name) FROM users
 [10:12:51] [INFO] fetching SQL SELECT statement query output: 'SELECT COUNT(name) FROM users'
 [10:12:51] [INPUT] can the SQL query provided return multiple entries? [Y/n] n
-[10:12:53] [INFO] query: SELECT COALESCE(CAST(COUNT(name) AS CHARACTER(10000)), CHR(32)) FROM users
+[10:12:53] [INFO] query: SELECT COALESCE(CAST(COUNT(name) AS CHARACTER(10000)), CHR(32)) 
+FROM users
 [10:12:53] [INFO] retrieved: 5
 [10:12:54] [INFO] performed 20 queries in 0 seconds
 SELECT COUNT(name) FROM users:    '5'
 </PRE>
 </CODE></BLOCKQUOTE>
 </P>
 
-<P>TODO</P>
+<P>As you can see from this last example, when the user provides a SQL
+statement other than <CODE>SELECT</CODE>, sqlmap recognizes it, tests if the
+web application supports stacked queries and in case it does, it executes
+the provided SQL statement in a multiple statement.</P>
+
+<P>Beware that some web application technologies do not support stacked
+queries on specific database management systems. For instance, PHP does not
+support stacked queries when the back-end DBMS is MySQL, but it does
+support when the back-end DBMS is PostgreSQL.</P>
 
 
 <H2><A NAME="ss5.8">5.8</A> <A HREF="#toc5.8">File system access</A>
 
@@ -4,7 +4,7 @@
 
 <title>sqlmap user's manual
 <author>by <htmlurl url="mailto:bernardo.damele@gmail.com" name="Bernardo Damele A. G.">
-<date>version 0.6.4, DDth of MMM 2009
+<date>version 0.6.4, 3rd of February 2009
 <abstract>
 This document is the user's manual to use <htmlurl url="http://sqlmap.sourceforge.net" name="sqlmap">.
 Check the project <htmlurl url="http://sqlmap.sourceforge.net" name="homepage">
@@ -362,7 +362,7 @@ $ python sqlmap.py -h
 
     sqlmap/0.6.4 coded by Bernardo Damele A. G. <bernardo.damele@gmail.com>
                       and Daniele Bellucci <daniele.bellucci@gmail.com>
-
+    
 Usage: sqlmap.py [options]
 
 Options:
@@ -3698,27 +3698,39 @@ back-end DBMS: PostgreSQL
 sql> SELECT COUNT(name) FROM users
 [10:11:57] [INFO] fetching SQL SELECT statement query output: 'SELECT COUNT(name) FROM users'
 [10:11:57] [INPUT] can the SQL query provided return multiple entries? [Y/n] n
-[10:11:59] [INFO] query: SELECT COALESCE(CAST(COUNT(name) AS CHARACTER(10000)), CHR(32)) FROM users
+[10:11:59] [INFO] query: SELECT COALESCE(CAST(COUNT(name) AS CHARACTER(10000)), CHR(32)) 
+FROM users
 [10:11:59] [INFO] retrieved: 4
 [10:11:59] [INFO] performed 13 queries in 0 seconds
 SELECT COUNT(name) FROM users:    '4'
 
 sql> INSERT INTO users (id, name, surname) VALUES (5, 'from', 'sql shell');
 [10:12:35] [INFO] testing stacked queries support on parameter 'id'
 [10:12:40] [INFO] the web application supports stacked queries on parameter 'id'
-[10:12:40] [INFO] executing SQL data manipulation query: 'INSERT INTO users (id, name, surname) VALUES (5, 'from', 'sql shell');'
+[10:12:40] [INFO] executing SQL data manipulation query: 'INSERT INTO users (id, name, surname) 
+VALUES (5, 'from', 'sql shell');'
 [10:12:40] [INFO] done
 sql> SELECT COUNT(name) FROM users
 [10:12:51] [INFO] fetching SQL SELECT statement query output: 'SELECT COUNT(name) FROM users'
 [10:12:51] [INPUT] can the SQL query provided return multiple entries? [Y/n] n
-[10:12:53] [INFO] query: SELECT COALESCE(CAST(COUNT(name) AS CHARACTER(10000)), CHR(32)) FROM users
+[10:12:53] [INFO] query: SELECT COALESCE(CAST(COUNT(name) AS CHARACTER(10000)), CHR(32)) 
+FROM users
 [10:12:53] [INFO] retrieved: 5
 [10:12:54] [INFO] performed 20 queries in 0 seconds
 SELECT COUNT(name) FROM users:    '5'
 </verb></tscreen>
 
 <p>
-TODO
+As you can see from this last example, when the user provides a SQL
+statement other than <tt>SELECT</tt>, sqlmap recognizes it, tests if the
+web application supports stacked queries and in case it does, it executes
+the provided SQL statement in a multiple statement.
+
+<p>
+Beware that some web application technologies do not support stacked
+queries on specific database management systems. For instance, PHP does not
+support stacked queries when the back-end DBMS is MySQL, but it does
+support when the back-end DBMS is PostgreSQL.
 
 
 <sect1>File system access
 
@@ -30,7 +30,7 @@
 
 
 # sqlmap version and site
-VERSION            = "0.6.4-rc6"
+VERSION            = "0.6.4"
 VERSION_STRING     = "sqlmap/%s" % VERSION
 SITE               = "http://sqlmap.sourceforge.net"