xref: /PHP-7.2/ext/pdo_mysql/tests/bug66141.phpt (revision f1d7e3ca)
1--TEST--
2Bug #66141 (mysqlnd quote function is wrong with NO_BACKSLASH_ESCAPES after failed query)
3--SKIPIF--
4<?php
5require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'skipif.inc');
6require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc');
7MySQLPDOTest::skip();
8?>
9--FILE--
10<?php
11include __DIR__ . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc';
12$db = MySQLPDOTest::factory();
13
14$input = 'Something\', 1 as one, 2 as two  FROM dual; -- f';
15
16$quotedInput0 = $db->quote($input);
17
18$db->query('set session sql_mode="NO_BACKSLASH_ESCAPES"');
19
20// injection text from some user input
21
22$quotedInput1 = $db->quote($input);
23
24$db->query('something that throws an exception');
25
26$quotedInput2 = $db->quote($input);
27
28var_dump($quotedInput0);
29var_dump($quotedInput1);
30var_dump($quotedInput2);
31?>
32done
33--EXPECTF--
34Warning: PDO::query(): SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your %s server version for the right syntax to use near 'something that throws an exception' at line %d in %s on line %d
35string(50) "'Something\', 1 as one, 2 as two  FROM dual; -- f'"
36string(50) "'Something'', 1 as one, 2 as two  FROM dual; -- f'"
37string(50) "'Something'', 1 as one, 2 as two  FROM dual; -- f'"
38done
39