1--TEST-- 2PostgreSQL escape functions 3--EXTENSIONS-- 4pgsql 5--SKIPIF-- 6<?php include("skipif.inc"); ?> 7--FILE-- 8<?php 9 10include 'config.inc'; 11define('FILE_NAME', __DIR__ . '/php.gif'); 12 13// pg_escape_string() test 14$before = "ABC\\ABC\'"; 15$expect = "ABC\\\\ABC\\'"; 16$expect2 = "ABC\\\\ABC\\\\''"; //the way escape string differs from PostgreSQL 9.0 17$after = pg_escape_string($before); 18if ($expect === $after || $expect2 === $after) { 19 echo "pg_escape_string() is Ok\n"; 20} 21else { 22 echo "pg_escape_string() is NOT Ok\n"; 23 var_dump($before); 24 var_dump($after); 25 var_dump($expect); 26} 27 28// pg_escape_bytea() test 29$before = "ABC\\ABC"; 30$expect = "ABC\\\\\\\\ABC"; 31$after = pg_escape_bytea($before); 32if ($expect === $after) { 33 echo "pg_escape_bytea() is Ok\n"; 34} 35else { 36 echo "pg_escape_byte() is NOT Ok\n"; 37 var_dump($before); 38 var_dump($after); 39 var_dump($expect); 40} 41 42// Test using database 43$data = file_get_contents(FILE_NAME); 44$db = pg_connect($conn_str); 45 46// Insert binary to DB 47$escaped_data = pg_escape_bytea($db, $data); 48pg_query($db, "DELETE FROM ".$table_name." WHERE num = 10000;"); 49$sql = "INSERT INTO ".$table_name." (num, bin) VALUES (10000, CAST ('".$escaped_data."' AS BYTEA));"; 50pg_query($db, $sql); 51 52// Retrieve binary from DB 53for ($i = 0; $i < 2; $i++) { 54 $sql = "SELECT bin::bytea FROM ".$table_name." WHERE num = 10000"; 55 $result = pg_query($db, $sql); 56 $row = pg_fetch_array($result, 0, PGSQL_ASSOC); 57 58 if ($data === pg_unescape_bytea($row['bin'])) { 59 echo "pg_escape_bytea() actually works with database\n"; 60 break; 61 } 62 elseif (!$i) { 63 // Force bytea escaping and retry 64 @pg_query($db, "SET bytea_output = 'escape'"); 65 } 66 else { 67 $result = pg_query($db, $sql); 68 echo "pg_escape_bytea() is broken\n"; 69 break; 70 } 71} 72 73// pg_escape_literal/pg_escape_identifier 74$before = "ABC\\ABC\'"; 75$expect = " E'ABC\\\\ABC\\\\'''"; 76$after = pg_escape_literal($db, $before); 77if ($expect === $after) { 78 echo "pg_escape_literal() is Ok\n"; 79} 80else { 81 echo "pg_escape_literal() is NOT Ok\n"; 82 var_dump($before); 83 var_dump($after); 84 var_dump($expect); 85} 86 87$before = "ABC\\ABC\'"; 88$expect = "\"ABC\ABC\'\""; 89$after = pg_escape_identifier($db, $before); 90if ($expect === $after) { 91 echo "pg_escape_identifier() is Ok\n"; 92} 93else { 94 echo "pg_escape_identifier() is NOT Ok\n"; 95 var_dump($before); 96 var_dump($after); 97 var_dump($expect); 98} 99 100?> 101--EXPECTF-- 102Deprecated: pg_escape_string(): Automatic fetching of PostgreSQL connection is deprecated in %s on line %d 103pg_escape_string() is Ok 104 105Deprecated: pg_escape_bytea(): Automatic fetching of PostgreSQL connection is deprecated in %s on line %d 106pg_escape_bytea() is Ok 107pg_escape_bytea() actually works with database 108pg_escape_literal() is Ok 109pg_escape_identifier() is Ok 110
