--TEST--
Bug #41125 (PDO mysql + quote() + prepare() can result in seg fault)
--SKIPIF--
<?php
// Shared PDO/MySQL skip logic lives in skipif.inc; presumably the test is
// skipped when no MySQL server is configured for the PDO test suite.
require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'skipif.inc');
require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc');
MySQLPDOTest::skip();

?>
--FILE--
<?php
/*
 * Regression test for Bug #41125: passing the output of PDO::quote() into
 * PDO::prepare() could segfault.
 *
 * Every statement below embeds single quotes, backslash escapes, '\0' or a
 * placeholder-looking token ('?', ':id') inside SQL string literals, both with
 * native and with emulated prepares. Presumably the target is the scanner that
 * has to tell placeholders from literal text; a mistake there is what produced
 * the crash, and it is also where escaping bypasses would originate.
 *
 * Output is compared byte-for-byte with the --EXPECT-- section, so the print
 * format below must stay exactly as it is.
 *
 * NOTE(review): the "00000 - -" lines in --EXPECT-- are errorInfo() joined
 * with ' - '; if errorInfo() returns three elements on success, the joined
 * line carries two spaces between the dashes and a trailing space. Verify the
 * exact whitespace against a live run before trusting this copy.
 */

require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc');

$db = PDOTest::test_factory(dirname(__FILE__) . '/common.phpt');

// The original trigger: quote() a value containing a single quote and splice
// the result straight into the SQL text handed to prepare().
$search = "o'";
$sql = "SELECT 1 FROM DUAL WHERE 'o''riley' LIKE " . $db->quote('%' . $search . '%');
$stmt = $db->prepare($sql);
$stmt->execute();
// '@' silences the warning a failed statement would emit on fetch(), presumably
// to keep the output stable; a statement with no row prints an empty line.
print implode(' - ', (($r = @$stmt->fetch(PDO::FETCH_NUM)) ? $r : array())) ."\n";
print implode(' - ', $stmt->errorinfo()) ."\n";

print "-------------------------------------------------------\n";

// Native prepares with positional '?' placeholders. Each literal mixes '\''
// and '' quoting; queries 1 and 4 also contain a '?' inside a string literal,
// which must not be taken for a placeholder (query 4 echoes "foo?bar" back).
$queries = array(
    "SELECT 1 FROM DUAL WHERE 1 = '?\'\''",
    "SELECT 'a\\'0' FROM DUAL WHERE 1 = ?",
    "SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\\'' AND ?",
    "SELECT 'foo?bar', '', '''' FROM DUAL WHERE ?"
);

foreach ($queries as $k => $query) {
    $stmt = $db->prepare($query);
    $stmt->execute(array(1));
    printf("[%d] Query: [[%s]]\n", $k + 1, $query);
    print implode(' - ', (($r = @$stmt->fetch(PDO::FETCH_NUM)) ? $r : array())) ."\n";
    print implode(' - ', $stmt->errorinfo()) ."\n";
    print "--------\n";
}

// Switch to client-side (emulated) prepares: PDO itself substitutes the bound
// values into the SQL text before it reaches the server.
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1);
$sql = "SELECT upper(:id) FROM DUAL WHERE '1'";
$stmt = $db->prepare($sql);

// Single-quoted PHP string: the value is the four bytes o ' \ 0 (no NUL byte),
// hence "O'\0" in --EXPECT--.
$id = 'o\'\0';
$stmt->bindParam(':id', $id);
$stmt->execute();
printf("Query: [[%s]]\n", $sql);
print implode(' - ', (($r = @$stmt->fetch(PDO::FETCH_NUM)) ? $r : array())) ."\n";
print implode(' - ', $stmt->errorinfo()) ."\n";

print "-------------------------------------------------------\n";

// Emulated prepares with named ':id' placeholders. Several queries bind ':id'
// twice, queries 12 and 13 carry a ':id' inside a string literal that has to
// survive untouched (query 12 echoes "and :id" back), and many literals end
// in a backslash-escaped quote or contain '\0'.
$queries = array(
    "SELECT 1, 'foo' FROM DUAL WHERE 1 = :id AND '\\0' IS NULL AND 2 <> :id",
    "SELECT 1 FROM DUAL WHERE 1 = :id AND '' AND 2 <> :id",
    "SELECT 1 FROM DUAL WHERE 1 = :id AND '\'\'' = '''' AND 2 <> :id",
    "SELECT 1 FROM DUAL WHERE 1 = :id AND '\'' = '''' AND 2 <> :id",
    "SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\\'' AND 1",
    "SELECT 'a''', '\'b\'' FROM DUAL WHERE '''' LIKE '\\'' AND 1",
    "SELECT UPPER(:id) FROM DUAL WHERE '1'",
    "SELECT 1 FROM DUAL WHERE '\''",
    "SELECT 1 FROM DUAL WHERE :id AND '\\0' OR :id",
    "SELECT 1 FROM DUAL WHERE 'a\\f\\n\\0' AND 1 >= :id",
    "SELECT 1 FROM DUAL WHERE '\'' = ''''",
    "SELECT '\\n' '1 FROM DUAL WHERE '''' and :id'",
    "SELECT 1 'FROM DUAL WHERE :id AND '''' = '''' OR 1 = 1 AND ':id",
);

// Redundant with the identical setAttribute() call above; kept as-is.
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1);
// Bound by reference via bindParam() below, so the value is read at execute().
$id = 1;

foreach ($queries as $k => $query) {
    $stmt = $db->prepare($query);
    $stmt->bindParam(':id', $id);
    $stmt->execute();

    printf("[%d] Query: [[%s]]\n", $k + 1, $query);
    print implode(' - ', (($r = @$stmt->fetch(PDO::FETCH_NUM)) ? $r : array())) ."\n";
    print implode(' - ', $stmt->errorinfo()) ."\n";
    print "--------\n";
}

?>
--EXPECT--
1
00000 - -
-------------------------------------------------------
[1] Query: [[SELECT 1 FROM DUAL WHERE 1 = '?\'\'']]

00000 - -
--------
[2] Query: [[SELECT 'a\'0' FROM DUAL WHERE 1 = ?]]
a'0
00000 - -
--------
[3] Query: [[SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\'' AND ?]]
a - b'
00000 - -
--------
[4] Query: [[SELECT 'foo?bar', '', '''' FROM DUAL WHERE ?]]
foo?bar - - '
00000 - -
--------
Query: [[SELECT upper(:id) FROM DUAL WHERE '1']]
O'\0
00000 - -
-------------------------------------------------------
[1] Query: [[SELECT 1, 'foo' FROM DUAL WHERE 1 = :id AND '\0' IS NULL AND 2 <> :id]]

00000 - -
--------
[2] Query: [[SELECT 1 FROM DUAL WHERE 1 = :id AND '' AND 2 <> :id]]

00000 - -
--------
[3] Query: [[SELECT 1 FROM DUAL WHERE 1 = :id AND '\'\'' = '''' AND 2 <> :id]]

00000 - -
--------
[4] Query: [[SELECT 1 FROM DUAL WHERE 1 = :id AND '\'' = '''' AND 2 <> :id]]
1
00000 - -
--------
[5] Query: [[SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\'' AND 1]]
a - b'
00000 - -
--------
[6] Query: [[SELECT 'a''', '\'b\'' FROM DUAL WHERE '''' LIKE '\'' AND 1]]
a' - 'b'
00000 - -
--------
[7] Query: [[SELECT UPPER(:id) FROM DUAL WHERE '1']]
1
00000 - -
--------
[8] Query: [[SELECT 1 FROM DUAL WHERE '\'']]

00000 - -
--------
[9] Query: [[SELECT 1 FROM DUAL WHERE :id AND '\0' OR :id]]
1
00000 - -
--------
[10] Query: [[SELECT 1 FROM DUAL WHERE 'a\f\n\0' AND 1 >= :id]]

00000 - -
--------
[11] Query: [[SELECT 1 FROM DUAL WHERE '\'' = '''']]
1
00000 - -
--------
[12] Query: [[SELECT '\n' '1 FROM DUAL WHERE '''' and :id']]

1 FROM DUAL WHERE '' and :id
00000 - -
--------
[13] Query: [[SELECT 1 'FROM DUAL WHERE :id AND '''' = '''' OR 1 = 1 AND ':id]]
1
00000 - -
--------