xref: /PHP-7.4/ext/pgsql/tests/bug81720.phpt (revision 55f6895f) 
1--TEST--
2Bug #81720 (Uninitialized array in pg_query_params() leading to RCE)
3--SKIPIF--
4<?php include("skipif.inc"); ?>
5--FILE--
6<?php
7include('config.inc');
8
9$conn = pg_connect($conn_str);
10
11try {
12    pg_query_params($conn, 'SELECT $1, $2', [1, new stdClass()]);
13} catch (Throwable $ex) {
14    echo $ex->getMessage(), PHP_EOL;
15}
16
17try {
18    pg_send_prepare($conn, "my_query", 'SELECT $1, $2');
19    pg_get_result($conn);
20    pg_send_execute($conn, "my_query", [1, new stdClass()]);
21} catch (Throwable $ex) {
22    echo $ex->getMessage(), PHP_EOL;
23}
24?>
25--EXPECT--
26Object of class stdClass could not be converted to string
27Object of class stdClass could not be converted to string
28