xref: /PHP-8.1/ext/pgsql/tests/pg_insert_002.phpt (revision e378968c)
1--TEST--
2PostgreSQL pg_insert() - test for CVE-2015-1532
3--EXTENSIONS--
4pgsql
5--SKIPIF--
6<?php include("skipif.inc"); ?>
7--FILE--
8<?php
9
10include('config.inc');
11
12$conn = pg_connect($conn_str);
13
14foreach (array('', '.', '..') as $table) {
15    try {
16        var_dump(pg_insert($conn, $table,  array('id' => 1, 'id2' => 1)));
17    } catch (\ValueError $e) {
18        echo $e->getMessage() . \PHP_EOL;
19    }
20}
21?>
22Done
23--EXPECTF--
24pg_insert(): Argument #2 ($table_name) cannot be empty
25
26Warning: pg_insert(): The table name must be specified in %s on line %d
27bool(false)
28
29Warning: pg_insert(): The table name must be specified in %s on line %d
30bool(false)
31Done
32