Added SQL injection protection for Mysqli and several test cases

author: Ben Fuhrmannek 2014-06-24 16:56:21 +0200
committer: Ben Fuhrmannek 2014-06-24 16:56:21 +0200
commit: 93721fdd94f90d48b290749398a26cef277ad129 (patch)
tree: 16d6f2bbe8ad8e5313b6bb07b18b182aee00b806 /tests/sql/mysqli_comment_conditional.phpt
parent: f3efcde454d85cdf4b6ddafa05afe99cea5cfd78 (diff)
1 files changed, 25 insertions, 0 deletions
diff --git a/tests/sql/mysqli_comment_conditional.phpt b/tests/sql/mysqli_comment_conditional.phpt
new file mode 100644
index 0000000..0436c64
--- /dev/null
+++ b/tests/sql/mysqli_comment_conditional.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Mysqli query with SQL comment protection and MySQL condition (/*!...*/)
+--INI--
+extension=mysqli.so
+suhosin.sql.bailout_on_error=0
+suhosin.sql.comment=2
+suhosin.sql.opencomment=0
+suhosin.sql.multiselect=0
+suhosin.sql.union=0
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = connect_mysqli_oostyle();
+$result = $mysqli->query("SELECT 1 /*! ... */");
+flush();
+echo "mark.";
+?>
+--EXPECTF--
+mark.
+\ No newline at end of file
author	Ben Fuhrmannek	2014-06-24 16:56:21 +0200
committer	Ben Fuhrmannek	2014-06-24 16:56:21 +0200
commit	93721fdd94f90d48b290749398a26cef277ad129 (patch)
tree	16d6f2bbe8ad8e5313b6bb07b18b182aee00b806 /tests/sql/mysqli_comment_conditional.phpt
parent	f3efcde454d85cdf4b6ddafa05afe99cea5cfd78 (diff)

diff --git a/tests/sql/mysqli_comment_conditional.phpt b/tests/sql/mysqli_comment_conditional.phpt new file mode 100644 index 0000000..0436c64 --- /dev/null +++ b/tests/sql/mysqli_comment_conditional.phpt
@@ -0,0 +1,25 @@
	1	--TEST--
	2	Mysqli query with SQL comment protection and MySQL condition (/!.../)
	3	--INI--
	4	extension=mysqli.so
	5	suhosin.sql.bailout_on_error=0
	6	suhosin.sql.comment=2
	7	suhosin.sql.opencomment=0
	8	suhosin.sql.multiselect=0
	9	suhosin.sql.union=0
	10	suhosin.log.stdout=32
	11	--SKIPIF--
	12	<?php
	13	include('skipifmysqli.inc');
	14	include('skipif.inc');
	15	?>
	16	--FILE--
	17	<?php
	18	include('connect.inc');
	19	$mysqli = connect_mysqli_oostyle();
	20	$result = $mysqli->query("SELECT 1 /! ... /");
	21	flush();
	22	echo "mark.";
	23	?>
	24	--EXPECTF--
	25	mark. \ No newline at end of file