Move back

src/sql_injection/detect_sql_injection.rs

@@ -19,14 +19,6 @@ pub fn detect_sql_injection_str(query: &str, userinput: &str, dialect: i32) -> b
         return false;
     }
 
-    // Remove leading and trailing spaces from user input
-    let trimmed_userinput = userinput.trim_matches(SPACE_CHAR);
-
-    if trimmed_userinput.len() <= 1 {
-        // If the trimmed user input is one character or empty, no injection took place.
-        return false;
-    }
-
     // Tokenize query :
     let tokens = tokenize_with_fallback(query, dialect);
     if tokens.len() <= 0 {
@@ -48,6 +40,14 @@ pub fn detect_sql_injection_str(query: &str, userinput: &str, dialect: i32) -> b
         return false;
     }
 
+    // Remove leading and trailing spaces from user input
+    let trimmed_userinput = userinput.trim_matches(SPACE_CHAR);
+
+    if trimmed_userinput.len() <= 1 {
+        // If the trimmed user input is one character or empty, no injection took place.
+        return false;
+    }
+
     // Replace user input with string of equal length and tokenize again :
     let query_without_input = replace_user_input_with_safe_str(query, userinput);
     let tokens_without_input = tokenize_with_fallback(query_without_input.as_str(), dialect);