Startseite Erkunden Hilfe
Anmelden
8516
/
Test
1
0
Fork 0
Dateien Issues 0 Pull-Requests 0 Wiki
Branch: master
Branches Tags
Test
/
EVSE
/
GPL
/
php-5.6.40
/
ext
/
pdo_mysql
/
tests
/
bug41125.phpt

bug41125.phpt 4.5 KB
Permalink Verlauf Originalformat

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162 
  1. --TEST--
    2. 

  2. Bug #41125 (PDO mysql + quote() + prepare() can result in seg fault)
    3. 

  3. --SKIPIF--
    4. 

  4. <?php
    5. 

  5. require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'skipif.inc');
    6. 

  6. require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc');
    7. 

  7. MySQLPDOTest::skip();
    8. 

  8. 

  9. ?>
    10. 

  10. --FILE--
    11. 

  11. <?php
    12. 

  12. 

  13. require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc');
    14. 

  14. 

  15. $db = PDOTest::test_factory(dirname(__FILE__) . '/common.phpt');
    16. 

  16. 

  17. $search = "o'";
    18. 

  18. $sql = "SELECT 1 FROM DUAL WHERE 'o''riley' LIKE " . $db->quote('%' . $search . '%');
    19. 

  19. $stmt = $db->prepare($sql);
    20. 

  20. $stmt->execute();
    21. 

  21. print implode(' - ', (($r = @$stmt->fetch(PDO::FETCH_NUM)) ? $r : array())) ."\n";
    22. 

  22. print implode(' - ', $stmt->errorinfo()) ."\n";
    23. 

  23. 

  24. print "-------------------------------------------------------\n";
    25. 

  25. 

  26. $queries = array(
    27. 

  27. 	"SELECT 1 FROM DUAL WHERE 1 = '?\'\''",
    28. 

  28. 	"SELECT 'a\\'0' FROM DUAL WHERE 1 = ?",
    29. 

  29. 	"SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\\'' AND ?",
    30. 

  30. 	"SELECT 'foo?bar', '', '''' FROM DUAL WHERE ?"
    31. 

  31. );
    32. 

  32. 

  33. foreach ($queries as $k => $query) {
    34. 

  34. 	$stmt = $db->prepare($query);
    35. 

  35. 	$stmt->execute(array(1));
    36. 

  36. 	printf("[%d] Query: [[%s]]\n", $k + 1, $query);
    37. 

  37. 	print implode(' - ', (($r = @$stmt->fetch(PDO::FETCH_NUM)) ? $r : array())) ."\n";
    38. 

  38. 	print implode(' - ', $stmt->errorinfo()) ."\n";
    39. 

  39. 	print "--------\n";
    40. 

  40. }
    41. 

  41. 

  42. $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1);
    43. 

  43. $sql = "SELECT upper(:id) FROM DUAL WHERE '1'";
    44. 

  44. $stmt = $db->prepare($sql);
    45. 

  45. 

  46. $id = 'o\'\0';
    47. 

  47. $stmt->bindParam(':id', $id);
    48. 

  48. $stmt->execute();
    49. 

  49. printf("Query: [[%s]]\n", $sql);
    50. 

  50. print implode(' - ', (($r = @$stmt->fetch(PDO::FETCH_NUM)) ? $r : array())) ."\n";
    51. 

  51. print implode(' - ', $stmt->errorinfo()) ."\n";
    52. 

  52. 

  53. print "-------------------------------------------------------\n";
    54. 

  54. 

  55. $queries = array(
    56. 

  56. 	"SELECT 1, 'foo' FROM DUAL WHERE 1 = :id AND '\\0' IS NULL AND  2 <> :id",
    57. 

  57. 	"SELECT 1 FROM DUAL WHERE 1 = :id AND '' AND  2 <> :id",
    58. 

  58. 	"SELECT 1 FROM DUAL WHERE 1 = :id AND '\'\'' = '''' AND  2 <> :id",
    59. 

  59. 	"SELECT 1 FROM DUAL WHERE 1 = :id AND '\'' = '''' AND  2 <> :id",
    60. 

  60. 	"SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\\'' AND 1",
    61. 

  61. 	"SELECT 'a''', '\'b\'' FROM DUAL WHERE '''' LIKE '\\'' AND 1",
    62. 

  62. 	"SELECT UPPER(:id) FROM DUAL WHERE '1'",
    63. 

  63. 	"SELECT 1 FROM DUAL WHERE '\''",
    64. 

  64. 	"SELECT 1 FROM DUAL WHERE :id AND '\\0' OR :id",
    65. 

  65. 	"SELECT 1 FROM DUAL WHERE 'a\\f\\n\\0' AND 1 >= :id",
    66. 

  66. 	"SELECT 1 FROM DUAL WHERE '\'' = ''''",
    67. 

  67. 	"SELECT '\\n' '1 FROM DUAL WHERE '''' and :id'",
    68. 

  68. 	"SELECT 1 'FROM DUAL WHERE :id AND '''' = '''' OR 1 = 1 AND ':id",
    69. 

  69. );
    70. 

  70. 

  71. $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1);
    72. 

  72. $id = 1;
    73. 

  73. 

  74. foreach ($queries as $k => $query) {
    75. 

  75. 	$stmt = $db->prepare($query);
    76. 

  76. 	$stmt->bindParam(':id', $id);
    77. 

  77. 	$stmt->execute();
    78. 

  78. 	
    79. 

  79. 	printf("[%d] Query: [[%s]]\n", $k + 1, $query);
    80. 

  80. 	print implode(' - ', (($r = @$stmt->fetch(PDO::FETCH_NUM)) ? $r : array())) ."\n";
    81. 

  81. 	print implode(' - ', $stmt->errorinfo()) ."\n";
    82. 

  82. 	print "--------\n";
    83. 

  83. }
    84. 

  84. 

  85. ?>
    86. 

  86. --EXPECT--
    87. 

  87. 1
    88. 

  88. 00000 -  - 
    89. 

  89. -------------------------------------------------------
    90. 

  90. [1] Query: [[SELECT 1 FROM DUAL WHERE 1 = '?\'\'']]
    91. 

  91. 

  92. 00000 -  - 
    93. 

  93. --------
    94. 

  94. [2] Query: [[SELECT 'a\'0' FROM DUAL WHERE 1 = ?]]
    95. 

  95. a'0
    96. 

  96. 00000 -  - 
    97. 

  97. --------
    98. 

  98. [3] Query: [[SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\'' AND ?]]
    99. 

  99. a - b'
    100. 

  100. 00000 -  - 
    101. 

  101. --------
    102. 

  102. [4] Query: [[SELECT 'foo?bar', '', '''' FROM DUAL WHERE ?]]
    103. 

  103. foo?bar -  - '
    104. 

  104. 00000 -  - 
    105. 

  105. --------
    106. 

  106. Query: [[SELECT upper(:id) FROM DUAL WHERE '1']]
    107. 

  107. O'\0
    108. 

  108. 00000 -  - 
    109. 

  109. -------------------------------------------------------
    110. 

  110. [1] Query: [[SELECT 1, 'foo' FROM DUAL WHERE 1 = :id AND '\0' IS NULL AND  2 <> :id]]
    111. 

  111. 

  112. 00000 -  - 
    113. 

  113. --------
    114. 

  114. [2] Query: [[SELECT 1 FROM DUAL WHERE 1 = :id AND '' AND  2 <> :id]]
    115. 

  115. 

  116. 00000 -  - 
    117. 

  117. --------
    118. 

  118. [3] Query: [[SELECT 1 FROM DUAL WHERE 1 = :id AND '\'\'' = '''' AND  2 <> :id]]
    119. 

  119. 

  120. 00000 -  - 
    121. 

  121. --------
    122. 

  122. [4] Query: [[SELECT 1 FROM DUAL WHERE 1 = :id AND '\'' = '''' AND  2 <> :id]]
    123. 

  123. 1
    124. 

  124. 00000 -  - 
    125. 

  125. --------
    126. 

  126. [5] Query: [[SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\'' AND 1]]
    127. 

  127. a - b'
    128. 

  128. 00000 -  - 
    129. 

  129. --------
    130. 

  130. [6] Query: [[SELECT 'a''', '\'b\'' FROM DUAL WHERE '''' LIKE '\'' AND 1]]
    131. 

  131. a' - 'b'
    132. 

  132. 00000 -  - 
    133. 

  133. --------
    134. 

  134. [7] Query: [[SELECT UPPER(:id) FROM DUAL WHERE '1']]
    135. 

  135. 1
    136. 

  136. 00000 -  - 
    137. 

  137. --------
    138. 

  138. [8] Query: [[SELECT 1 FROM DUAL WHERE '\'']]
    139. 

  139. 

  140. 00000 -  - 
    141. 

  141. --------
    142. 

  142. [9] Query: [[SELECT 1 FROM DUAL WHERE :id AND '\0' OR :id]]
    143. 

  143. 1
    144. 

  144. 00000 -  - 
    145. 

  145. --------
    146. 

  146. [10] Query: [[SELECT 1 FROM DUAL WHERE 'a\f\n\0' AND 1 >= :id]]
    147. 

  147. 

  148. 00000 -  - 
    149. 

  149. --------
    150. 

  150. [11] Query: [[SELECT 1 FROM DUAL WHERE '\'' = '''']]
    151. 

  151. 1
    152. 

  152. 00000 -  - 
    153. 

  153. --------
    154. 

  154. [12] Query: [[SELECT '\n' '1 FROM DUAL WHERE '''' and :id']]
    155. 

  155. 

  156. 1 FROM DUAL WHERE '' and :id
    157. 

  157. 00000 -  - 
    158. 

  158. --------
    159. 

  159. [13] Query: [[SELECT 1 'FROM DUAL WHERE :id AND '''' = '''' OR 1 = 1 AND ':id]]
    160. 

  160. 1
    161. 

  161. 00000 -  - 
    162. 

  162. --------
    163.