bug66141.phpt 1.2 KB

123456789101112131415161718192021222324252627282930313233343536373839
  1. --TEST--
  2. Bug #66141 (mysqlnd quote function is wrong with NO_BACKSLASH_ESCAPES after failed query)
  3. --EXTENSIONS--
  4. pdo_mysql
  5. --SKIPIF--
  6. <?php
  7. require_once(__DIR__ . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc');
  8. MySQLPDOTest::skip();
  9. ?>
  10. --FILE--
  11. <?php
  12. include __DIR__ . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc';
  13. $db = MySQLPDOTest::factory();
  14. $input = 'Something\', 1 as one, 2 as two FROM dual; -- f';
  15. $quotedInput0 = $db->quote($input);
  16. $db->query('set session sql_mode="NO_BACKSLASH_ESCAPES"');
  17. // injection text from some user input
  18. $quotedInput1 = $db->quote($input);
  19. $db->query('something that throws an exception');
  20. $quotedInput2 = $db->quote($input);
  21. var_dump($quotedInput0);
  22. var_dump($quotedInput1);
  23. var_dump($quotedInput2);
  24. ?>
  25. done
  26. --EXPECTF--
  27. Warning: PDO::query(): SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your %s server version for the right syntax to use near 'something that throws an exception' at line %d in %s on line %d
  28. string(50) "'Something\', 1 as one, 2 as two FROM dual; -- f'"
  29. string(50) "'Something'', 1 as one, 2 as two FROM dual; -- f'"
  30. string(50) "'Something'', 1 as one, 2 as two FROM dual; -- f'"
  31. done