diff --git a/apache2/libinjection/libinjection.h b/apache2/libinjection/libinjection.h
index 52e06793..c599e0ea 100644
--- a/apache2/libinjection/libinjection.h
+++ b/apache2/libinjection/libinjection.h
@@ -19,7 +19,7 @@ extern "C" {
 * See python's normalized version
 * http://www.python.org/dev/peps/pep-0386/#normalizedversion
 */
-#define LIBINJECTION_VERSION "3.6.0"
+#define LIBINJECTION_VERSION "3.7.0"
 
 /**
 * Libinjection's sqli module makes a "normalized"
diff --git a/apache2/libinjection/libinjection_sqli.c b/apache2/libinjection/libinjection_sqli.c
index 3eb8d002..d5d2806f 100644
--- a/apache2/libinjection/libinjection_sqli.c
+++ b/apache2/libinjection/libinjection_sqli.c
@@ -120,6 +120,23 @@ memchr2(const char *haystack, size_t haystack_len, char c0, char c1)
 }
 
 /**
+ * memchr might not exist on some systems
+ */
+static const char*
+my_memchr(const char* haystack, size_t hlen, int needle)
+{
+ const char* cur;
+ const char* last = haystack + hlen;
+ for (cur = haystack; cur < last; ++cur) {
+ if (cur[0] == needle) {
+ return cur;
+ }
+ }
+ return NULL;
+}
+
+/**
+ * memmem might not exist on some systems
 */
 static const char *
 my_memmem(const char* haystack, size_t hlen, const char* needle, size_t nlen)
@@ -285,9 +302,11 @@ static void st_clear(stoken_t * st)
 static void st_assign_char(stoken_t * st, const char stype, size_t pos, size_t len,
 const char value)
 {
+ /* done to elimiate unused warning */
+ (void)len;
 st->type = (char) stype;
 st->pos = pos;
-st->len = len;
+st->len = 1;
 st->val[0] = value;
 st->val[1] = CHAR_NULL;
 }
@@ -299,7 +318,7 @@ static void st_assign(stoken_t * st, const char stype, size_t
 size_t last = len < MSIZE ? len : (MSIZE - 1);
 st->type = (char) stype;
 st->pos = pos;
-st->len = len;
+st->len = last;
 memcpy(st->val, value, last);
 st->val[last] = CHAR_NULL;
 }
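Review bot: my_memchr compares `cur[0] == needle` with `cur[0]` as a plain `char`, so on targets where `char` is signed a needle byte above 0x7F never matches, unlike the `memchr` it stands in for, which compares both sides as `unsigned char`. The only caller in this diff passes `']'`, so nothing breaks today, but a function documented as a memchr substitute should keep the library contract: `if ((unsigned char)cur[0] == (unsigned char)needle) {`. The header comment could also state that `needle` is compared as an unsigned byte and that an `hlen` of zero returns NULL.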
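Review bot: The comment added to st_assign_char misspells "eliminate" and explains the cast but not the behavioural change two lines below, where the token length is now fixed at 1 regardless of the `len` argument; `/* a single-character token always has length 1; len is unused but kept for the shared signature */` covers both. In the st_assign hunk just after it, `st->len = last` means a token longer than MSIZE-1 now reports its stored length rather than its source length; if any caller derives a source offset from `st->pos + st->len` it would now under-advance, and since the callers are outside this diff that is worth confirming before merge.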
@@ -857,6 +876,25 @@ static size_t parse_xstring(struct libinjection_sqli_state *sf)
 return pos + 2 + wlen + 1;
 }
 
+/**
+ * This handles MS SQLSERVER bracket words
+ * http://stackoverflow.com/questions/3551284/sql-serverwhat-do-brackets-mean-around-column-name
+ *
+ */
+static size_t parse_bword(struct libinjection_sqli_state * sf)
+{
+ const char *cs = sf->s;
+ size_t pos = sf->pos;
+ const char* endptr = my_memchr(cs + pos, sf->slen - pos, ']');
+ if (endptr == NULL) {
+ st_assign(sf->current, TYPE_BAREWORD, pos, sf->slen - pos, cs + pos);
+ return sf->slen;
+ } else {
+ st_assign(sf->current, TYPE_BAREWORD, pos, (endptr - cs) - pos + 1, cs + pos);
+ return (endptr - cs) + 1;
+ }
+}
+
 static size_t parse_word(struct libinjection_sqli_state * sf)
 {
 char ch;
@@ -865,7 +903,7 @@ static size_t parse_word(struct libinjection_sqli_state * sf)
 const char *cs = sf->s;
 size_t pos = sf->pos;
 size_t wlen = strlencspn(cs + pos, sf->slen - pos,
- " {}<>:\\?=@!#~+-*/&|^%(),';\t\n\v\f\r\"\000");
+ " []{}<>:\\?=@!#~+-*/&|^%(),';\t\n\v\f\r\"\000");
 
 st_assign(sf->current, TYPE_BAREWORD, pos, wlen, cs + pos);
 
@@ -1720,8 +1758,7 @@ int libinjection_sqli_fold(struct libinjection_sqli_state * sf)
 (sf->tokenvec[left+2].type == TYPE_NUMBER ||
 sf->tokenvec[left+2].type == TYPE_BAREWORD ||
 sf->tokenvec[left+2].type == TYPE_VARIABLE ||
- sf->tokenvec[left+2].type == TYPE_STRING ||
- sf->tokenvec[left+2].type == TYPE_FUNCTION )) {
+ sf->tokenvec[left+2].type == TYPE_STRING)) {
 /*
 * interesting case turn ", -1" ->> ",1" PLUS we need to back up
 * one token if possible to see if more folding can be done
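Review bot: parse_bword closes the bracketed identifier at the first `]`, but T-SQL (the dialect the comment cites) writes a literal `]` inside a bracketed name as `]]`, so for an input like `[a]]b]` the tokenizer ends the word after `a]` while the server reads a single identifier `a]b`, and the tokens from that point on no longer line up with how the database parses the input. Scanning past each `]]` pair before closing the word keeps the two in step; the rewrite below does that and otherwise keeps the current behaviour, including the fallback to one bareword running to the end of input when no closing `]` exists. The `(endptr - cs) - pos + 1` arithmetic also mixes `ptrdiff_t` with `size_t` and warns under `-Wconversion`, which a single `(size_t)` cast on the offset avoids. The `[]` added to parse_word's delimiter set two hunks down is consistent with this, since a `]` met outside a bracket word now ends the word instead of being absorbed into it.
```c
static size_t parse_bword(struct libinjection_sqli_state * sf)
{
    const char *cs = sf->s;
    size_t pos = sf->pos;
    size_t end = pos + 1;   /* skip the opening '[' */

    /* T-SQL writes a literal ']' inside a bracketed name as "]]",
     * so a ']' immediately followed by another ']' does not close the word. */
    while (end < sf->slen) {
        const char *endptr = my_memchr(cs + end, sf->slen - end, ']');
        if (endptr == NULL) {
            break;
        }
        end = (size_t)(endptr - cs) + 1;
        if (end >= sf->slen || cs[end] != ']') {
            st_assign(sf->current, TYPE_BAREWORD, pos, end - pos, cs + pos);
            return end;
        }
        end += 1;   /* consume the second ']' and keep scanning */
    }
    /* no closing ']': the rest of the input is one bareword, as before */
    st_assign(sf->current, TYPE_BAREWORD, pos, sf->slen - pos, cs + pos);
    return sf->slen;
}
```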
@@ -1735,6 +1772,19 @@ int libinjection_sqli_fold(struct libinjection_sqli_state * sf)
 assert(pos >= 3);
 pos -= 3;
 continue;
+ } else if (sf->tokenvec[left].type == TYPE_COMMA &&
+ st_is_unary_op(&sf->tokenvec[left+1]) &&
+ sf->tokenvec[left+2].type == TYPE_FUNCTION) {
+
+ /* Seperate case from above since you end up with
+ * 1,-sin(1) --> 1 (1)
+ * Here, just do
+ * 1,-sin(1) --> 1,sin(1)
+ * just remove unary opartor
+ */
+ st_copy(&sf->tokenvec[left+1], &sf->tokenvec[left+2]);
+ pos -= 1;
+ continue;
 } else if ((sf->tokenvec[left].type == TYPE_BAREWORD) &&
 (sf->tokenvec[left+1].type == TYPE_DOT) &&
 (sf->tokenvec[left+2].type == TYPE_BAREWORD)) {
@@ -2132,10 +2182,10 @@ static int reparse_as_mysql(struct libinjection_sqli_state * sql_state)
 /*
 * This function is mostly use with SWIG
 */
-struct libinjection_sqli_token* libinjection_sqli_get_token(struct libinjection_sqli_state * sql_state,
- int i)
+struct libinjection_sqli_token*
+libinjection_sqli_get_token(struct libinjection_sqli_state * sql_state, int i)
 {
- if (i < 0 || i > (int) strlen(sql_state->fingerprint)) {
+ if (i < 0 || i > LIBINJECTION_SQLI_MAX_TOKENS) {
 return NULL;
 }
 return &(sql_state->tokenvec[i]);
diff --git a/apache2/libinjection/libinjection_sqli_data.h b/apache2/libinjection/libinjection_sqli_data.h
index a6bce734..8f2d2e97 100644
--- a/apache2/libinjection/libinjection_sqli_data.h
+++ b/apache2/libinjection/libinjection_sqli_data.h
@@ -30,6 +30,7 @@ static size_t parse_nqstring(sfilter * sf);
 static size_t parse_xstring(sfilter * sf);
 static size_t parse_bstring(sfilter * sf);
 static size_t parse_estring(sfilter * sf);
+static size_t parse_bword(sfilter * sf);
 
 typedef size_t (*pt2Function)(sfilter *sf);
 
@@ -125,7 +126,7 @@ static const pt2Function char_parse_map[] = {
 &parse_xstring, /* 88 */
 &parse_word, /* 89 */
 &parse_word, /* 90 */
- &parse_other, /* 91 */
+ &parse_bword, /* 91 */
 &parse_backslash, /* 92 */
 &parse_other, /* 93 */
 &parse_operator1, /* 94 */
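Review bot: The new comma/unary/function branch collapses three tokens by copying `tokenvec[left+2]` over `tokenvec[left+1]` and decrementing `pos` by one, which is only correct if `left+2` is the last token staged at that point; that appears to hold if the fold loop fills at most three tokens ahead of `left` (the loop head is outside this hunk), otherwise a token already sitting at `left+3` would be silently dropped, so a one-line comment stating the assumption would help the next reader. The comment also has two typos, `Seperate` → `Separate` and `opartor` → `operator`, and its first example `1,-sin(1) --> 1 (1)` describes what the generic branch above would have produced rather than what this branch does; `/* the generic unary case above would also swallow the comma (1,-sin(1) -> 1 (1)); here only the unary operator is removed: 1,-sin(1) -> 1,sin(1) */` makes that explicit.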
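Review bot: The bound in libinjection_sqli_get_token changed from the fingerprint length to `i > LIBINJECTION_SQLI_MAX_TOKENS`, which admits `i == LIBINJECTION_SQLI_MAX_TOKENS`; that index is in range only if `tokenvec` is declared with more than LIBINJECTION_SQLI_MAX_TOKENS entries, and the declaration is not in this diff, so `if (i < 0 || i >= LIBINJECTION_SQLI_MAX_TOKENS) {` is the safe form unless the extra slot is confirmed. Even when in range, the old check refused indices past the tokens actually produced for the current input, whereas the new one hands back whatever `tokenvec[i]` still holds from an earlier parse, which a SWIG caller would read as a real token; if the fingerprint-length bound was dropped because `fingerprint` may not be populated at call time, the comment above the function should say so and state that entries beyond the current token count are undefined.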
@@ -618,6 +619,8 @@ static const keyword_t sql_keywords[] = { {"01&VU;", 'F'}, {"01&VUC", 'F'}, {"01&VUE", 'F'}, + {"01(EF(", 'F'}, + {"01(EKF", 'F'}, {"01(EKN", 'F'}, {"01(ENK", 'F'}, {"01(U(E", 'F'}, @@ -3833,6 +3836,7 @@ static const keyword_t sql_keywords[] = { {"0N(1OF", 'F'}, {"0N(1OS", 'F'}, {"0N(1OV", 'F'}, + {"0N(EF(", 'F'}, {"0N(EKN", 'F'}, {"0N(ENK", 'F'}, {"0N(F()", 'F'}, @@ -5525,6 +5529,8 @@ static const keyword_t sql_keywords[] = { {"0S&VU;", 'F'}, {"0S&VUC", 'F'}, {"0S&VUE", 'F'}, + {"0S(EF(", 'F'}, + {"0S(EKF", 'F'}, {"0S(EKN", 'F'}, {"0S(ENK", 'F'}, {"0S(U(E", 'F'}, @@ -7713,6 +7719,8 @@ static const keyword_t sql_keywords[] = { {"0V&VU;", 'F'}, {"0V&VUC", 'F'}, {"0V&VUE", 'F'}, + {"0V(EF(", 'F'}, + {"0V(EKF", 'F'}, {"0V(EKN", 'F'}, {"0V(ENK", 'F'}, {"0V(U(E", 'F'}, @@ -9871,5 +9879,5 @@ static const keyword_t sql_keywords[] = { {"||", '&'}, {"~*", 'o'}, }; -static const size_t sql_keywords_sz = 9705; +static const size_t sql_keywords_sz = 9712; #endif