diff options
| author | Ben Fuhrmannek | 2014-07-14 13:07:38 +0200 |
|---|---|---|
| committer | Ben Fuhrmannek | 2014-07-14 13:07:38 +0200 |
| commit | 1dc59e48642c98e34320f1a31c120fbf290fd509 (patch) | |
| tree | 5126791aac0c7655daa502a00a53d4c2257ced43 /tests/sql/mysqli_comment_sqlstyle_fail.phpt | |
| parent | 940509ed02db713920612b0994a57d6227c3655c (diff) | |
| parent | aafe0cf82f5fb7220ac6f674bbc1c2091a6a9c4d (diff) | |
Merge branch 'sql'
Diffstat (limited to 'tests/sql/mysqli_comment_sqlstyle_fail.phpt')
| -rw-r--r-- | tests/sql/mysqli_comment_sqlstyle_fail.phpt | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/tests/sql/mysqli_comment_sqlstyle_fail.phpt b/tests/sql/mysqli_comment_sqlstyle_fail.phpt new file mode 100644 index 0000000..83e63c5 --- /dev/null +++ b/tests/sql/mysqli_comment_sqlstyle_fail.phpt | |||
| @@ -0,0 +1,25 @@ | |||
| 1 | --TEST-- | ||
| 2 | Mysqli query with SQL comment (--) protection set to fail | ||
| 3 | --INI-- | ||
| 4 | extension=mysqli.so | ||
| 5 | suhosin.sql.bailout_on_error=0 | ||
| 6 | suhosin.sql.comment=2 | ||
| 7 | suhosin.sql.opencomment=0 | ||
| 8 | suhosin.sql.multiselect=0 | ||
| 9 | suhosin.sql.union=0 | ||
| 10 | suhosin.log.stdout=32 | ||
| 11 | --SKIPIF-- | ||
| 12 | <?php | ||
| 13 | include('skipifmysqli.inc'); | ||
| 14 | include('skipif.inc'); | ||
| 15 | ?> | ||
| 16 | --FILE-- | ||
| 17 | <?php | ||
| 18 | include('connect.inc'); | ||
| 19 | $mysqli = connect_mysqli_oostyle(); | ||
| 20 | $result = $mysqli->query("SELECT 1 -- injection"); | ||
| 21 | flush(); | ||
| 22 | echo "mark."; | ||
| 23 | ?> | ||
| 24 | --EXPECTREGEX-- | ||
| 25 | ALERT - Comment in SQL query.*\) \ No newline at end of file | ||