1--TEST-- 2Bug #66141 (mysqlnd quote function is wrong with NO_BACKSLASH_ESCAPES after failed query) 3--SKIPIF-- 4<?php 5require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'skipif.inc'); 6require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc'); 7MySQLPDOTest::skip(); 8?> 9--FILE-- 10<?php 11include __DIR__ . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc'; 12$db = MySQLPDOTest::factory(); 13 14$input = 'Something\', 1 as one, 2 as two FROM dual; -- f'; 15 16$quotedInput0 = $db->quote($input); 17 18$db->query('set session sql_mode="NO_BACKSLASH_ESCAPES"'); 19 20// injection text from some user input 21 22$quotedInput1 = $db->quote($input); 23 24$db->query('something that throws an exception'); 25 26$quotedInput2 = $db->quote($input); 27 28var_dump($quotedInput0); 29var_dump($quotedInput1); 30var_dump($quotedInput2); 31?> 32done 33--EXPECTF-- 34Warning: PDO::query(): SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your %s server version for the right syntax to use near 'something that throws an exception' at line %d in %s on line %d 35string(50) "'Something\', 1 as one, 2 as two FROM dual; -- f'" 36string(50) "'Something'', 1 as one, 2 as two FROM dual; -- f'" 37string(50) "'Something'', 1 as one, 2 as two FROM dual; -- f'" 38done 39
