1--TEST--
2Bug #41125 (PDO mysql + quote() + prepare() can result in seg fault)
3--SKIPIF--
<?php
// SKIPIF: pull in the shared PDO/MySQL test helpers and let the suite's
// own skip() logic decide whether a usable MySQL connection is configured
// (presumably driven by the PDO_MYSQL_TEST_* settings; see skipif.inc).
require_once(__DIR__ . DIRECTORY_SEPARATOR . 'skipif.inc');
require_once(__DIR__ . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc');
MySQLPDOTest::skip();

?>
10--FILE--
<?php

require_once(__DIR__ . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc');

/*
 * Regression test for bug #41125: PDO::quote() followed by prepare() could
 * crash (segfault) in pdo_mysql.
 *
 * Beyond the crash, every query below deliberately places quote characters,
 * doubled quotes, backslash escapes and placeholder-looking tokens ('?' and
 * ':id') INSIDE string literals. The security-relevant property being pinned
 * is that PDO's placeholder scanner agrees with the MySQL lexer about where a
 * literal ends: if it did not, a '?' or ':id' inside a literal could be taken
 * for a placeholder and a bound value spliced into the statement at the wrong
 * place. The --EXPECT-- section shows such tokens coming back verbatim
 * ('foo?bar', "... and :id"), i.e. they were never treated as placeholders.
 */

// Print the first row of $stmt (columns joined by ' - '; an empty line when
// there is no row) followed by the statement's errorInfo() triple.
// The '@' keeps a fetch() on a failed statement from adding a warning to the
// output; any error is still visible through errorInfo().
function dump_first_row(PDOStatement $stmt)
{
	$row = @$stmt->fetch(PDO::FETCH_NUM);
	print implode(' - ', ($row ?: [])) . "\n";
	print implode(' - ', $stmt->errorInfo()) . "\n";
}

$db = PDOTest::test_factory(__DIR__ . '/common.phpt');

// 1) quote() on a value containing a single quote, then prepare()/execute()
//    of the resulting SQL -- the exact sequence from the bug report.
$search = "o'";
$sql = "SELECT 1 FROM DUAL WHERE 'o''riley' LIKE " . $db->quote('%' . $search . '%');
$stmt = $db->prepare($sql);
$stmt->execute();
dump_first_row($stmt);

print "-------------------------------------------------------\n";

// 2) Positional placeholders next to literals containing '?', doubled quotes
//    and backslash-escaped quotes. Note the first query has no '?' outside a
//    literal at all, yet is still executed with one bound value; the expected
//    output records that this produces no error.
$positional = [
	"SELECT 1 FROM DUAL WHERE 1 = '?\'\''",
	"SELECT 'a\\'0' FROM DUAL WHERE 1 = ?",
	"SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\\'' AND ?",
	"SELECT 'foo?bar', '', '''' FROM DUAL WHERE ?"
];

foreach ($positional as $i => $query) {
	$stmt = $db->prepare($query);
	$stmt->execute([1]);
	printf("[%d] Query: [[%s]]\n", $i + 1, $query);
	dump_first_row($stmt);
	print "--------\n";
}

// 3) Emulated prepares from here on (PDO, not the server, interpolates the
//    bound value into the SQL text), so PDO's own quoting of the value is
//    what is being exercised.
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1);
$sql = "SELECT upper(:id) FROM DUAL WHERE '1'";
$stmt = $db->prepare($sql);

// Single-quoted PHP: only \\ and \' are escapes, so this value is the four
// bytes  o ' \ 0  -- a quote followed by a backslash and a '0', not a NUL.
$id = 'o\'\0';
$stmt->bindParam(':id', $id);
$stmt->execute();
printf("Query: [[%s]]\n", $sql);
dump_first_row($stmt);

print "-------------------------------------------------------\n";

// 4) Named placeholders, repeated placeholders, and ':id' embedded inside
//    literals (queries 12 and 13). Literal text must come back unchanged.
$named = [
	"SELECT 1, 'foo' FROM DUAL WHERE 1 = :id AND '\\0' IS NULL AND  2 <> :id",
	"SELECT 1 FROM DUAL WHERE 1 = :id AND '' AND  2 <> :id",
	"SELECT 1 FROM DUAL WHERE 1 = :id AND '\'\'' = '''' AND  2 <> :id",
	"SELECT 1 FROM DUAL WHERE 1 = :id AND '\'' = '''' AND  2 <> :id",
	"SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\\'' AND 1",
	"SELECT 'a''', '\'b\'' FROM DUAL WHERE '''' LIKE '\\'' AND 1",
	"SELECT UPPER(:id) FROM DUAL WHERE '1'",
	"SELECT 1 FROM DUAL WHERE '\''",
	"SELECT 1 FROM DUAL WHERE :id AND '\\0' OR :id",
	"SELECT 1 FROM DUAL WHERE 'a\\f\\n\\0' AND 1 >= :id",
	"SELECT 1 FROM DUAL WHERE '\'' = ''''",
	"SELECT '\\n' '1 FROM DUAL WHERE '''' and :id'",
	"SELECT 1 'FROM DUAL WHERE :id AND '''' = '''' OR 1 = 1 AND ':id",
];

// Emulation was already enabled above; the attribute is set again here only
// to keep the two halves of the test independent of each other.
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1);
$id = 1;

foreach ($named as $i => $query) {
	$stmt = $db->prepare($query);
	$stmt->bindParam(':id', $id);
	$stmt->execute();

	printf("[%d] Query: [[%s]]\n", $i + 1, $query);
	dump_first_row($stmt);
	print "--------\n";
}

?>
86--EXPECT--
871
8800000 -  -
89-------------------------------------------------------
90[1] Query: [[SELECT 1 FROM DUAL WHERE 1 = '?\'\'']]
91
9200000 -  -
93--------
94[2] Query: [[SELECT 'a\'0' FROM DUAL WHERE 1 = ?]]
95a'0
9600000 -  -
97--------
98[3] Query: [[SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\'' AND ?]]
99a - b'
10000000 -  -
101--------
102[4] Query: [[SELECT 'foo?bar', '', '''' FROM DUAL WHERE ?]]
103foo?bar -  - '
10400000 -  -
105--------
106Query: [[SELECT upper(:id) FROM DUAL WHERE '1']]
107O'\0
10800000 -  -
109-------------------------------------------------------
110[1] Query: [[SELECT 1, 'foo' FROM DUAL WHERE 1 = :id AND '\0' IS NULL AND  2 <> :id]]
111
11200000 -  -
113--------
114[2] Query: [[SELECT 1 FROM DUAL WHERE 1 = :id AND '' AND  2 <> :id]]
115
11600000 -  -
117--------
118[3] Query: [[SELECT 1 FROM DUAL WHERE 1 = :id AND '\'\'' = '''' AND  2 <> :id]]
119
12000000 -  -
121--------
122[4] Query: [[SELECT 1 FROM DUAL WHERE 1 = :id AND '\'' = '''' AND  2 <> :id]]
1231
12400000 -  -
125--------
126[5] Query: [[SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\'' AND 1]]
127a - b'
12800000 -  -
129--------
130[6] Query: [[SELECT 'a''', '\'b\'' FROM DUAL WHERE '''' LIKE '\'' AND 1]]
131a' - 'b'
13200000 -  -
133--------
134[7] Query: [[SELECT UPPER(:id) FROM DUAL WHERE '1']]
1351
13600000 -  -
137--------
138[8] Query: [[SELECT 1 FROM DUAL WHERE '\'']]
139
14000000 -  -
141--------
142[9] Query: [[SELECT 1 FROM DUAL WHERE :id AND '\0' OR :id]]
1431
14400000 -  -
145--------
146[10] Query: [[SELECT 1 FROM DUAL WHERE 'a\f\n\0' AND 1 >= :id]]
147
14800000 -  -
149--------
150[11] Query: [[SELECT 1 FROM DUAL WHERE '\'' = '''']]
1511
15200000 -  -
153--------
154[12] Query: [[SELECT '\n' '1 FROM DUAL WHERE '''' and :id']]
155
1561 FROM DUAL WHERE '' and :id
15700000 -  -
158--------
159[13] Query: [[SELECT 1 'FROM DUAL WHERE :id AND '''' = '''' OR 1 = 1 AND ':id]]
1601
16100000 -  -
162--------
163