1--TEST-- 2mysqli_real_escape_string() - SQL Mode NO_BACKSLASH_ESCAPE 3--SKIPIF-- 4<?php 5require_once('skipif.inc'); 6require_once('skipifconnectfailure.inc'); 7?> 8--FILE-- 9<?php 10 require_once("connect.inc"); 11 require_once('table.inc'); 12 13 if (!mysqli_query($link, 'SET @@sql_mode="NO_BACKSLASH_ESCAPES"')) 14 printf("[001] Cannot set NO_BACKSLASH_ESCAPES, [%d] %s\n", mysqli_errno($link), mysqli_error($link)); 15 16 if ('\\' !== ($tmp = mysqli_real_escape_string($link, '\\'))) 17 printf("[002] Expecting \\, got %s\n", $tmp); 18 19 if ('"' !== ($tmp = mysqli_real_escape_string($link, '"'))) 20 printf("[003] Expecting \", got %s\n", $tmp); 21 22 if ("''" !== ($tmp = mysqli_real_escape_string($link, "'"))) 23 printf("[004] Expecting '', got %s\n", $tmp); 24 25 if ("\n" !== ($tmp = mysqli_real_escape_string($link, "\n"))) 26 printf("[005] Expecting \\n, got %s\n", $tmp); 27 28 if ("\r" !== ($tmp = mysqli_real_escape_string($link, "\r"))) 29 printf("[006] Expecting \\r, got %s\n", $tmp); 30 31 assert("foo" . chr(0) . "bar" === "foo" . chr(0) . "bar"); 32 if ("foo" . chr(0) . "bar" !== ($tmp = mysqli_real_escape_string($link, "foo" . chr(0) . "bar"))) 33 printf("[007] Expecting %s, got %s\n", "foo" . chr(0) . "bar", $tmp); 34 35 if (!mysqli_query($link, sprintf('INSERT INTO test(id, label) VALUES (100, "%s")', 36 mysqli_real_escape_string($link, "\\")))) 37 printf("[009] Cannot INSERT, [%d] %s\n", mysqli_errno($link), mysqli_error($link)); 38 39 if (!($res = mysqli_query($link, 'SELECT label FROM test WHERE id = 100')) || 40 !($row = mysqli_fetch_assoc($res))) 41 printf("[010] [%d] %s\n", mysqli_errno($link), mysqli_error($link)); 42 43 var_dump($row); 44 mysqli_free_result($res); 45 46 if (!mysqli_query($link, 'SET @@sql_mode=""')) 47 printf("[011] Cannot disable NO_BACKSLASH_ESCAPES, [%d] %s\n", mysqli_errno($link), mysqli_error($link)); 48 49 if ('\\\\' !== ($tmp = mysqli_real_escape_string($link, '\\'))) 50 printf("[012] Expecting \\, got %s\n", $tmp); 51 52 if ("foo\\0bar" !== ($tmp = mysqli_real_escape_string($link, "foo" . chr(0) . "bar"))) 53 printf("[013] Expecting %s, got %s\n", "foo" . chr(0) . "bar", $tmp); 54 55 mysqli_close($link); 56 57 print "done!"; 58?> 59--EXPECT-- 60array(1) { 61 ["label"]=> 62 string(1) "\" 63} 64done! 65