26 files changed, 649 insertions, 99 deletions
diff --git a/.gitignore b/.gitignore
index e43b0f9..ddb1030 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,28 @@
 .DS_Store
+/config.log
+/config.guess
+/config.h
+/config.h.in
+/config.h.in~
+/config.nice
+/config.status
+/config.sub
+/*.lo
+/.deps
+/.libs/
+/Makefile
+/Makefile.*
+/ac*.m4
+/autom4te.cache/
+/build/
+/configure
+/configure.in
+/install-sh
+/libtool
+/ltmain.sh
+/missing
+/mkinstalldirs
+/modules/
+/run-tests.php
+/suhosin.la
diff --git a/Changelog b/Changelog
index 2bad2b3..a603fb7 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,13 @@
+2014-06-24 - 0.9.37-dev
+    - Added SQL injection protection for Mysqli and several test cases
+    - Added wildcard matching for SQL username
+    - Added check for SQL username to only contain valid characters (>= ASCII 32)
+    - Test cases for user_prefix and user_postfix
+    - Added experimental PDO support
+    - SQL checks other than mysql (Mysqli + old-style) must be enabled with
+      configure --enable-suhosin-experimental, e.g. MSSQL.
 2014-06-10 - 0.9.36
    - Added better handling of non existing/non executable shell scripts
diff --git a/config.m4 b/config.m4
index ee4b7ba..01edafd 100644
--- a/config.m4
+++ b/config.m4
@@ -7,3 +7,10 @@ PHP_ARG_ENABLE(suhosin, whether to enable suhosin support,
 if test "$PHP_SUHOSIN" != "no"; then
  PHP_NEW_EXTENSION(suhosin, suhosin.c sha256.c memory_limit.c treat_data.c ifilter.c post_handler.c ufilter.c rfc1867.c rfc1867_new.c log.c header.c execute.c ex_imp.c session.c aes.c compat_snprintf.c, $ext_shared)
 fi
+PHP_ARG_ENABLE(suhosin-experimental, whether to enable experimental suhosin features,
+[  --enable-suhosin-experimental        Enable experimental suhosin features], no, no)
+if test "$PHP_SUHOSIN_EXPERIMENTAL" != "no"; then
+  AC_DEFINE(SUHOSIN_EXPERIMENTAL, 1, [Whether to enable experimental suhosin features])
+fi
diff --git a/execute.c b/execute.c
index 1f7cf15..82a4866 100644
--- a/execute.c
+++ b/execute.c
@@ -24,6 +24,7 @@
 #endif
 #include <fcntl.h>
+#include <fnmatch.h>
 #include "php.h"
 #include "php_ini.h"
 #include "zend_hash.h"
@@ -880,7 +881,7 @@ int ih_querycheck(IH_HANDLER_PARAMS)
                return (0);
        }
    
-        if ((long) ih->arg1) {
+        if ((long) ih->arg2) {
            mysql_extension = 1;
        }
        
@@ -892,6 +893,7 @@ int ih_querycheck(IH_HANDLER_PARAMS)
        }
        len = Z_STRLEN_P(backup);
        query = Z_STRVAL_P(backup);
+        SDEBUG("SQL |%s|", query);
        
        s = query;
        e = s+len;
@@ -1023,29 +1025,16 @@ int ih_fixusername(IH_HANDLER_PARAMS)
        void **p = EG(argument_stack).top_element-2;
 #endif
        unsigned long arg_count;
-        zval **arg;char *prefix, *postfix, *user;
+        zval **arg;
+        char *prefix, *postfix, *user, *user_match, *cp;
        zval *backup, *my_user;
        int prefix_len, postfix_len, len;
        
-        SDEBUG("function: %s", ih->name);
+        SDEBUG("function (fixusername): %s", ih->name);
        
        prefix = SUHOSIN_G(sql_user_prefix);
        postfix = SUHOSIN_G(sql_user_postfix);
-        
+        user_match = SUHOSIN_G(sql_user_match);
-        if ((prefix == NULL || prefix[0] == 0)&& 
-                (postfix == NULL || postfix[0] == 0)) {
-                return (0);
-        }
-        
-        if (prefix == NULL) {
-                prefix = "";
-        }
-        if (postfix == NULL) {
-                postfix = "";
-        }
-        
-        prefix_len = strlen(prefix);
-        postfix_len = strlen(postfix);
        
        arg_count = (unsigned long) *p;
@@ -1064,26 +1053,60 @@ int ih_fixusername(IH_HANDLER_PARAMS)
                user = Z_STRVAL_P(backup);
        }
-        if (prefix_len && prefix_len <= len) {
+        cp = user;
-                if (strncmp(prefix, user, prefix_len)==0) {
+        while (cp < user+len) {
-                        prefix = "";
+                if (*cp < 32) {
-                        len -= prefix_len;
+                        suhosin_log(S_SQL, "SQL username contains invalid characters");
+                        if (!SUHOSIN_G(simulation)) {
+                                RETVAL_FALSE;
+                                return (1);
+                        } else {
+                                break;
+                        }
                }
+                cp++;
        }
-        
-        if (postfix_len && postfix_len <= len) {
+        if ((prefix != NULL && prefix[0]) || (postfix != NULL && postfix[0])) {
-                if (strncmp(postfix, user+len-postfix_len, postfix_len)==0) {
+                if (prefix == NULL) {
+                        prefix = "";
+                }
+                if (postfix == NULL) {
                        postfix = "";
                }
+                prefix_len = strlen(prefix);
+                postfix_len = strlen(postfix);
+                
+                MAKE_STD_ZVAL(my_user);
+                my_user->type = IS_STRING;
+                my_user->value.str.len = spprintf(&my_user->value.str.val, 0, "%s%s%s", prefix, user, postfix);
+        
+                /* XXX: memory_leak? */
+                *arg = my_user; 
+                
+                len = Z_STRLEN_P(my_user);
+                user = Z_STRVAL_P(my_user);
        }
        
-        MAKE_STD_ZVAL(my_user);
+        if (user_match && user_match[0]) {
-        my_user->type = IS_STRING;
+#ifdef HAVE_FNMATCH
-        my_user->value.str.len = spprintf(&my_user->value.str.val, 0, "%s%s%s", prefix, user, postfix);
+                if (fnmatch(user_match, user, 0) != 0) {
+                        suhosin_log(S_SQL, "SQL username ('%s') does not match suhosin.sql.user_match ('%s')", user, user_match);
+                        if (!SUHOSIN_G(simulation)) {
+                                RETVAL_FALSE;
+                                return (1);
+                        }
+                }
+#else
+#warning no support for fnmatch() - setting suhosin.sql.user_match will always fail.
+                suhosin_log(S_SQL, "suhosin.sql.user_match specified, but system does not support fnmatch()");
+                if (!SUHOSIN_G(simulation)) {
+                        RETVAL_FALSE;
+                        return (1);
+                }
+#endif
+        }
        
-        /* XXX: memory_leak? */
-        *arg = my_user; 
-         
        SDEBUG("function: %s - user: %s", ih->name, user);
        return (0);
@@ -1552,9 +1575,9 @@ static int ih_getrandmax(IH_HANDLER_PARAMS)
 }
 internal_function_handler ihandlers[] = {
-    { "preg_replace", ih_preg_replace, NULL, NULL, NULL },
+        { "preg_replace", ih_preg_replace, NULL, NULL, NULL },
-    { "mail", ih_mail, NULL, NULL, NULL },
+        { "mail", ih_mail, NULL, NULL, NULL },
-    { "symlink", ih_symlink, NULL, NULL, NULL },
+        { "symlink", ih_symlink, NULL, NULL, NULL },
        
        { "srand", ih_srand, NULL, NULL, NULL },
        { "mt_srand", ih_mt_srand, NULL, NULL, NULL },
@@ -1563,49 +1586,95 @@ internal_function_handler ihandlers[] = {
        { "getrandmax", ih_getrandmax, NULL, NULL, NULL },
        { "mt_getrandmax", ih_getrandmax, NULL, NULL, NULL },
        
-    { "ocilogon", ih_fixusername, (void *)1, NULL, NULL },
+        { "function_exists", ih_function_exists, NULL, NULL, NULL },
-    { "ociplogon", ih_fixusername, (void *)1, NULL, NULL },
-    { "ocinlogon", ih_fixusername, (void *)1, NULL, NULL },
-    { "oci_connect", ih_fixusername, (void *)1, NULL, NULL },
-    { "oci_pconnect", ih_fixusername, (void *)1, NULL, NULL },
-    { "oci_new_connect", ih_fixusername, (void *)1, NULL, NULL },
        
-    { "fbsql_change_user", ih_fixusername, (void *)1, NULL, NULL },
+        /* Mysqli */
-    { "fbsql_connect", ih_fixusername, (void *)2, NULL, NULL },
+        { "mysqli::mysqli", ih_fixusername, (void *)2, NULL, NULL },
-    { "fbsql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
+        { "mysqli_connect", ih_fixusername, (void *)2, NULL, NULL },
-    
+        { "mysqli::real_connect", ih_fixusername, (void *)2, NULL, NULL },
-    { "function_exists", ih_function_exists, NULL, NULL, NULL },
+        { "mysqli_real_connect", ih_fixusername, (void *)3, NULL, NULL },
+        { "mysqli_change_user", ih_fixusername, (void *)2, NULL, NULL },
+        { "mysqli::change_user", ih_fixusername, (void *)1, NULL, NULL },
+        
+        { "mysqli::query", ih_querycheck, (void *)1, (void *)1, NULL },
+        { "mysqli_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "mysqli::multi_query", ih_querycheck, (void *)1, (void *)1, NULL },
+        { "mysqli_multi_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "mysqli::prepare", ih_querycheck, (void *)1, (void *)1, NULL },
+        { "mysqli_prepare", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "mysqli::real_query", ih_querycheck, (void *)1, (void *)1, NULL },
+        { "mysqli_real_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "mysqli::send_query", ih_querycheck, (void *)1, (void *)1, NULL },
+        { "mysqli_send_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        // removed in PHP 5.3
+        { "mysqli_master_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "mysqli_slave_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        // ----
        
-    { "ifx_connect", ih_fixusername, (void *)2, NULL, NULL },
+        /* Mysql API - deprecated in PHP 5.5 */
-    { "ifx_pconnect", ih_fixusername, (void *)2, NULL, NULL },
+        { "mysql_connect", ih_fixusername, (void *)2, NULL, NULL },
+        { "mysql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
+        { "mysql_query", ih_querycheck, (void *)1, (void *)1, NULL },
+        { "mysql_db_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "mysql_unbuffered_query", ih_querycheck, (void *)1, (void *)1, NULL },
+        
+#ifdef SUHOSIN_EXPERIMENTAL
+        /* MaxDB */
+        { "maxdb::maxdb", ih_fixusername, (void *)2, NULL, NULL },
+        { "maxdb_connect", ih_fixusername, (void *)2, NULL, NULL },
+        { "maxdb::real_connect", ih_fixusername, (void *)2, NULL, NULL },
+        { "maxdb_real_connect", ih_fixusername, (void *)3, NULL, NULL },
+        { "maxdb::change_user", ih_fixusername, (void *)1, NULL, NULL },
+        { "maxdb_change_user", ih_fixusername, (void *)2, NULL, NULL },
+        
+        { "maxdb_master_query", ih_querycheck, (void *)2, NULL, NULL },
+        { "maxdb::multi_query", ih_querycheck, (void *)1, NULL, NULL },
+        { "maxdb_multi_query", ih_querycheck, (void *)2, NULL, NULL },
+        { "maxdb::query", ih_querycheck, (void *)1, NULL, NULL },
+        { "maxdb_query", ih_querycheck, (void *)2, NULL, NULL },
+        { "maxdb::real_query", ih_querycheck, (void *)1, NULL, NULL },
+        { "maxdb_real_query", ih_querycheck, (void *)2, NULL, NULL },
+        { "maxdb::send_query", ih_querycheck, (void *)1, NULL, NULL },
+        { "maxdb_send_query", ih_querycheck, (void *)2, NULL, NULL },
+        { "maxdb::prepare", ih_querycheck, (void *)1, NULL, NULL },
+        { "maxdb_prepare", ih_querycheck, (void *)2, NULL, NULL },
-    { "ibase_connect", ih_fixusername, (void *)2, NULL, NULL },
+        /* PDO */
-    { "ibase_pconnect", ih_fixusername, (void *)2, NULL, NULL },
+                /* note: mysql conditional comments not supported here */
+        { "pdo::__construct", ih_fixusername, (void *)2, NULL, NULL }, /* note: username may come from dsn (param 1) */
+        { "pdo::query", ih_querycheck, (void *)1, NULL, NULL },
+        { "pdo::prepare", ih_querycheck, (void *)1, NULL, NULL },
+        { "pdo::exec", ih_querycheck, (void *)1, NULL, NULL },
+        
+        /* Oracle OCI8 */
+        { "ocilogon", ih_fixusername, (void *)1, NULL, NULL },
+        { "ociplogon", ih_fixusername, (void *)1, NULL, NULL },
+        { "ocinlogon", ih_fixusername, (void *)1, NULL, NULL },
+        { "oci_connect", ih_fixusername, (void *)1, NULL, NULL },
+        { "oci_pconnect", ih_fixusername, (void *)1, NULL, NULL },
+        { "oci_new_connect", ih_fixusername, (void *)1, NULL, NULL },
-    { "maxdb", ih_fixusername, (void *)2, NULL, NULL },
+        /* FrontBase */
-    { "maxdb_change_user", ih_fixusername, (void *)2, NULL, NULL },
+        { "fbsql_connect", ih_fixusername, (void *)2, NULL, NULL },
-    { "maxdb_connect", ih_fixusername, (void *)2, NULL, NULL },
+        { "fbsql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
-    { "maxdb_pconnect", ih_fixusername, (void *)2, NULL, NULL },
+        { "fbsql_change_user", ih_fixusername, (void *)1, NULL, NULL },
-    { "maxdb_real_connect", ih_fixusername, (void *)3, NULL, NULL },
+        { "fbsql_username", ih_fixusername, (void *)2, NULL, NULL },
-    { "mssql_connect", ih_fixusername, (void *)2, NULL, NULL },
+        /* Informix */
-    { "mssql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
+        { "ifx_connect", ih_fixusername, (void *)2, NULL, NULL },
+        { "ifx_pconnect", ih_fixusername, (void *)2, NULL, NULL },
-    { "mysql_query", ih_querycheck, (void *)1, (void *)1, NULL },
+        /* Firebird/InterBase */
-    { "mysql_db_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "ibase_connect", ih_fixusername, (void *)2, NULL, NULL },
-    { "mysql_unbuffered_query", ih_querycheck, (void *)1, (void *)1, NULL },
+        { "ibase_pconnect", ih_fixusername, (void *)2, NULL, NULL },
-    { "mysqli_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "ibase_service_attach", ih_fixusername, (void *)2, NULL, NULL },
-    { "mysqli_real_query", ih_querycheck, (void *)2, (void *)1, NULL },
-    { "mysqli_send_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        /* Microsoft SQL Server */
-    { "mysqli_master_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "mssql_connect", ih_fixusername, (void *)2, NULL, NULL },
-    { "mysqli_slave_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "mssql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
+#endif
-    { "mysqli", ih_fixusername, (void *)2, NULL, NULL },
+        { NULL, NULL, NULL, NULL, NULL }
-    { "mysql_connect", ih_fixusername, (void *)2, NULL, NULL },
-    { "mysql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
-    { "mysqli_change_user", ih_fixusername, (void *)2, NULL, NULL },
-    { "mysql_real_connect", ih_fixusername, (void *)3, NULL, NULL },
-    { NULL, NULL, NULL, NULL, NULL }
 };
 #define FUNCTION_WARNING() zend_error(E_WARNING, "%s() has been disabled for security reasons", get_active_function_name(TSRMLS_C));
diff --git a/php_suhosin.h b/php_suhosin.h
index 6d2ea80..4b460e4 100644
--- a/php_suhosin.h
+++ b/php_suhosin.h
@@ -76,15 +76,16 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin)
        char *filter_action;
        char *sql_user_prefix;
        char *sql_user_postfix;
-        long    sql_comment;
+        char *sql_user_match;
-        long    sql_opencomment;
+        long sql_comment;
-        long    sql_union;
+        long sql_opencomment;
-        long    sql_mselect;
+        long sql_union;
+        long sql_mselect;
        
        long max_execution_depth;
        zend_bool       abort_request;
        long executor_include_max_traversal;
-        zend_bool executor_include_allow_writable_files;
+        zend_bool executor_include_allow_writable_files;
        HashTable *include_whitelist;
@@ -153,11 +154,11 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin)
        zend_bool  upload_allow_utf8;
        char *upload_verification_script;
        
-        zend_bool  no_more_variables;
+        zend_bool  no_more_variables;
-        zend_bool  no_more_get_variables;
+        zend_bool  no_more_get_variables;
-        zend_bool  no_more_post_variables;
+        zend_bool  no_more_post_variables;
-        zend_bool  no_more_cookie_variables;
+        zend_bool  no_more_cookie_variables;
-        zend_bool  no_more_uploads;
+        zend_bool  no_more_uploads;
@@ -199,8 +200,8 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin)
        int     (*old_s_destroy)(void **mod_data, const char *key TSRMLS_DC);
        BYTE fi[24],ri[24];
-        WORD fkey[120];
+        WORD fkey[120];
-        WORD rkey[120];
+        WORD rkey[120];
        
        zend_bool       session_encrypt;
        char*   session_cryptkey;
@@ -248,16 +249,16 @@ ZEND_BEGIN_MODULE_GLOBALS(suhosin)
        zend_bool mt_is_seeded;
        /* PERDIR Handling */
-        char *perdir;
+        char *perdir;
-        zend_bool log_perdir;
+        zend_bool log_perdir;
-        zend_bool exec_perdir;
+        zend_bool exec_perdir;
-        zend_bool get_perdir;
+        zend_bool get_perdir;
-        zend_bool post_perdir;
+        zend_bool post_perdir;
-        zend_bool cookie_perdir;
+        zend_bool cookie_perdir;
-        zend_bool request_perdir;
+        zend_bool request_perdir;
-        zend_bool upload_perdir;
+        zend_bool upload_perdir;
-        zend_bool sql_perdir;
+        zend_bool sql_perdir;
-        zend_bool misc_perdir;
+        zend_bool misc_perdir;
 ZEND_END_MODULE_GLOBALS(suhosin)
diff --git a/suhosin.c b/suhosin.c
index f2533cb..f57e85a 100644
--- a/suhosin.c
+++ b/suhosin.c
@@ -990,13 +990,14 @@ PHP_INI_BEGIN()
        STD_PHP_INI_ENTRY("suhosin.upload.verification_script", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateUploadString, upload_verification_script, zend_suhosin_globals, suhosin_globals)
-        STD_ZEND_INI_BOOLEAN("suhosin.sql.bailout_on_error",    "0",            ZEND_INI_PERDIR|ZEND_INI_SYSTEM,        OnUpdateSQLBool, sql_bailout_on_error,  zend_suhosin_globals,   suhosin_globals)
+                STD_ZEND_INI_BOOLEAN("suhosin.sql.bailout_on_error",    "0",            ZEND_INI_PERDIR|ZEND_INI_SYSTEM,        OnUpdateSQLBool, sql_bailout_on_error,  zend_suhosin_globals,   suhosin_globals)
-        STD_PHP_INI_ENTRY("suhosin.sql.user_prefix", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLString, sql_user_prefix, zend_suhosin_globals, suhosin_globals)
+        STD_PHP_INI_ENTRY("suhosin.sql.user_prefix", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLString, sql_user_prefix, zend_suhosin_globals, suhosin_globals)
-        STD_PHP_INI_ENTRY("suhosin.sql.user_postfix", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLString, sql_user_postfix, zend_suhosin_globals, suhosin_globals)
+        STD_PHP_INI_ENTRY("suhosin.sql.user_postfix", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLString, sql_user_postfix, zend_suhosin_globals, suhosin_globals)
-        STD_PHP_INI_ENTRY("suhosin.sql.comment", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLLong, sql_comment, zend_suhosin_globals, suhosin_globals)
+        STD_PHP_INI_ENTRY("suhosin.sql.user_match", NULL, PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLString, sql_user_match, zend_suhosin_globals, suhosin_globals)
-        STD_PHP_INI_ENTRY("suhosin.sql.opencomment", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLLong, sql_opencomment, zend_suhosin_globals, suhosin_globals)
+        STD_PHP_INI_ENTRY("suhosin.sql.comment", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLLong, sql_comment, zend_suhosin_globals, suhosin_globals)
-        STD_PHP_INI_ENTRY("suhosin.sql.multiselect", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLLong, sql_mselect, zend_suhosin_globals, suhosin_globals)
+        STD_PHP_INI_ENTRY("suhosin.sql.opencomment", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLLong, sql_opencomment, zend_suhosin_globals, suhosin_globals)
-        STD_PHP_INI_ENTRY("suhosin.sql.union", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLLong, sql_union, zend_suhosin_globals, suhosin_globals)
+        STD_PHP_INI_ENTRY("suhosin.sql.multiselect", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLLong, sql_mselect, zend_suhosin_globals, suhosin_globals)
+        STD_PHP_INI_ENTRY("suhosin.sql.union", "0", PHP_INI_SYSTEM|PHP_INI_PERDIR, OnUpdateSQLLong, sql_union, zend_suhosin_globals, suhosin_globals)
    
        STD_ZEND_INI_BOOLEAN("suhosin.session.encrypt",         "1",            ZEND_INI_PERDIR|ZEND_INI_SYSTEM,        OnUpdateBool, session_encrypt,  zend_suhosin_globals,   suhosin_globals)
        STD_PHP_INI_ENTRY("suhosin.session.cryptkey", "", PHP_INI_ALL, OnUpdateString, session_cryptkey, zend_suhosin_globals, suhosin_globals)
diff --git a/tests/sql/connect.inc b/tests/sql/connect.inc
new file mode 100644
index 0000000..367d63d
--- /dev/null
+++ b/tests/sql/connect.inc
@@ -0,0 +1,14 @@
+<?php
+        $host      = getenv("MYSQL_TEST_HOST")     ? getenv("MYSQL_TEST_HOST") : "localhost";
+        $port      = getenv("MYSQL_TEST_PORT")     ? getenv("MYSQL_TEST_PORT") : 3306;
+        $user      = getenv("MYSQL_TEST_USER")     ? getenv("MYSQL_TEST_USER") : "root";
+        $passwd    = getenv("MYSQL_TEST_PASSWD")   ? getenv("MYSQL_TEST_PASSWD") : "";
+        $db        = getenv("MYSQL_TEST_DB")       ? getenv("MYSQL_TEST_DB") : "test";
+        $socket    = getenv("MYSQL_TEST_SOCKET")   ? getenv("MYSQL_TEST_SOCKET") : null;
+        function connect_mysqli_oostyle() {
+                global $host, $port, $user, $passwd, $db, $socket;
+                return new mysqli($host, $user, $passwd, $db, $port, $socket);
+        }
+?>
+\ No newline at end of file
diff --git a/tests/sql/mysqli_comment_conditional.phpt b/tests/sql/mysqli_comment_conditional.phpt
new file mode 100644
index 0000000..0436c64
--- /dev/null
+++ b/tests/sql/mysqli_comment_conditional.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Mysqli query with SQL comment protection and MySQL condition (/*!...*/)
+--INI--
+extension=mysqli.so
+suhosin.sql.bailout_on_error=0
+suhosin.sql.comment=2
+suhosin.sql.opencomment=0
+suhosin.sql.multiselect=0
+suhosin.sql.union=0
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = connect_mysqli_oostyle();
+$result = $mysqli->query("SELECT 1 /*! ... */");
+flush();
+echo "mark.";
+?>
+--EXPECTF--
+mark.
+\ No newline at end of file
diff --git a/tests/sql/mysqli_comment_cstyle_fail.phpt b/tests/sql/mysqli_comment_cstyle_fail.phpt
new file mode 100644
index 0000000..56a8ccb
--- /dev/null
+++ b/tests/sql/mysqli_comment_cstyle_fail.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Mysqli query with SQL comment (/*...*/) protection set to fail
+--INI--
+extension=mysqli.so
+suhosin.sql.bailout_on_error=0
+suhosin.sql.comment=2
+suhosin.sql.opencomment=0
+suhosin.sql.multiselect=0
+suhosin.sql.union=0
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = connect_mysqli_oostyle();
+$result = $mysqli->query("SELECT 1 /* injection */");
+flush();
+echo "mark.";
+?>
+--EXPECTREGEX--
+ALERT - Comment in SQL query.*\)
+\ No newline at end of file
diff --git a/tests/sql/mysqli_comment_hashstyle_fail.phpt b/tests/sql/mysqli_comment_hashstyle_fail.phpt
new file mode 100644
index 0000000..6f5b517
--- /dev/null
+++ b/tests/sql/mysqli_comment_hashstyle_fail.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Mysqli query with SQL comment (#) protection set to fail
+--INI--
+extension=mysqli.so
+suhosin.sql.bailout_on_error=0
+suhosin.sql.comment=2
+suhosin.sql.opencomment=0
+suhosin.sql.multiselect=0
+suhosin.sql.union=0
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = connect_mysqli_oostyle();
+$result = $mysqli->query("SELECT 1 # injection");
+flush();
+echo "mark.";
+?>
+--EXPECTREGEX--
+ALERT - Comment in SQL query.*\)
+\ No newline at end of file
diff --git a/tests/sql/mysqli_comment_sqlstyle.phpt b/tests/sql/mysqli_comment_sqlstyle.phpt
new file mode 100644
index 0000000..c32c76a
--- /dev/null
+++ b/tests/sql/mysqli_comment_sqlstyle.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Mysqli query with SQL comment (--) protection
+--INI--
+extension=mysqli.so
+suhosin.sql.bailout_on_error=0
+suhosin.sql.comment=1
+suhosin.sql.opencomment=0
+suhosin.sql.multiselect=0
+suhosin.sql.union=0
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = connect_mysqli_oostyle();
+$result = $mysqli->query("SELECT 1 -- injection");
+flush();
+echo "mark.";
+?>
+--EXPECTREGEX--
+ALERT - Comment in SQL query.*mark.
+\ No newline at end of file
diff --git a/tests/sql/mysqli_comment_sqlstyle_fail.phpt b/tests/sql/mysqli_comment_sqlstyle_fail.phpt
new file mode 100644
index 0000000..83e63c5
--- /dev/null
+++ b/tests/sql/mysqli_comment_sqlstyle_fail.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Mysqli query with SQL comment (--) protection set to fail
+--INI--
+extension=mysqli.so
+suhosin.sql.bailout_on_error=0
+suhosin.sql.comment=2
+suhosin.sql.opencomment=0
+suhosin.sql.multiselect=0
+suhosin.sql.union=0
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = connect_mysqli_oostyle();
+$result = $mysqli->query("SELECT 1 -- injection");
+flush();
+echo "mark.";
+?>
+--EXPECTREGEX--
+ALERT - Comment in SQL query.*\)
+\ No newline at end of file
diff --git a/tests/sql/mysqli_connect_invalid_username.phpt b/tests/sql/mysqli_connect_invalid_username.phpt
new file mode 100644
index 0000000..532254f
--- /dev/null
+++ b/tests/sql/mysqli_connect_invalid_username.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Mysqli connect with user_match not matching username
+--INI--
+extension=mysqli.so
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = new mysqli($host, "invalid\x01_username", $passwd, $db, $port, $socket);
+?>
+--EXPECTREGEX--
+ALERT - SQL username contains invalid characters.*
+\ No newline at end of file
diff --git a/tests/sql/mysqli_multiselect.phpt b/tests/sql/mysqli_multiselect.phpt
new file mode 100644
index 0000000..63d6c19
--- /dev/null
+++ b/tests/sql/mysqli_multiselect.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Mysqli query with multiple SELECT statements
+--INI--
+extension=mysqli.so
+suhosin.sql.bailout_on_error=0
+suhosin.sql.comment=0
+suhosin.sql.opencomment=0
+suhosin.sql.multiselect=1
+suhosin.sql.union=0
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = connect_mysqli_oostyle();
+$result = $mysqli->query("SELECT 1; SELECT 2");
+flush();
+echo "mark.";
+?>
+--EXPECTREGEX--
+ALERT - Multiple SELECT in SQL query.*mark.
+\ No newline at end of file
diff --git a/tests/sql/mysqli_multiselect_fail.phpt b/tests/sql/mysqli_multiselect_fail.phpt
new file mode 100644
index 0000000..2bee62a
--- /dev/null
+++ b/tests/sql/mysqli_multiselect_fail.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Mysqli query with multiple SELECT statements set to fail
+--INI--
+extension=mysqli.so
+suhosin.sql.bailout_on_error=0
+suhosin.sql.comment=0
+suhosin.sql.opencomment=0
+suhosin.sql.multiselect=2
+suhosin.sql.union=0
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = connect_mysqli_oostyle();
+$result = $mysqli->query("SELECT 1; SELECT 2");
+flush();
+echo "mark.";
+?>
+--EXPECTREGEX--
+ALERT - Multiple SELECT in SQL query.*\)
+\ No newline at end of file
diff --git a/tests/sql/mysqli_multiselect_subselect.phpt b/tests/sql/mysqli_multiselect_subselect.phpt
new file mode 100644
index 0000000..e629720
--- /dev/null
+++ b/tests/sql/mysqli_multiselect_subselect.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Mysqli query with sub-SELECT
+--INI--
+extension=mysqli.so
+suhosin.sql.bailout_on_error=0
+suhosin.sql.comment=0
+suhosin.sql.opencomment=0
+suhosin.sql.multiselect=1
+suhosin.sql.union=0
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = connect_mysqli_oostyle();
+$result = $mysqli->query("SELECT * FROM (SELECT 1)");
+flush();
+echo "mark.";
+?>
+--EXPECTREGEX--
+ALERT - Multiple SELECT in SQL query.*mark.
+\ No newline at end of file
diff --git a/tests/sql/mysqli_no_constraints.phpt b/tests/sql/mysqli_no_constraints.phpt
new file mode 100644
index 0000000..1d7fff6
--- /dev/null
+++ b/tests/sql/mysqli_no_constraints.phpt
@@ -0,0 +1,26 @@
+--TEST--
+Mysqli connection test without any constraints
+--INI--
+extension=mysqli.so
+suhosin.sql.comment=0
+suhosin.sql.bailout_on_error=0
+suhosin.sql.comment=0
+suhosin.sql.opencomment=0
+suhosin.sql.multiselect=0
+suhosin.sql.union=0
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = connect_mysqli_oostyle();
+$result = $mysqli->query("SELECT 1 AS A UNION SELECT 2 -- injection");
+$rows = $result->fetch_all();
+if ($rows !== null && count($rows) == 2) { echo "ok"; }
+?>
+--EXPECTF--
+ok
+\ No newline at end of file
diff --git a/tests/sql/mysqli_open_comment.phpt b/tests/sql/mysqli_open_comment.phpt
new file mode 100644
index 0000000..29d3536
--- /dev/null
+++ b/tests/sql/mysqli_open_comment.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Mysqli query with SQL open comment protection (/*...)
+--INI--
+extension=mysqli.so
+suhosin.sql.bailout_on_error=0
+suhosin.sql.comment=0
+suhosin.sql.opencomment=1
+suhosin.sql.multiselect=0
+suhosin.sql.union=0
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = connect_mysqli_oostyle();
+$result = $mysqli->query("SELECT 1 /*");
+flush();
+echo "mark.";
+?>
+--EXPECTREGEX--
+ALERT - Open comment in SQL query.*mark.
+\ No newline at end of file
diff --git a/tests/sql/mysqli_open_comment_fail.phpt b/tests/sql/mysqli_open_comment_fail.phpt
new file mode 100644
index 0000000..4645523
--- /dev/null
+++ b/tests/sql/mysqli_open_comment_fail.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Mysqli query with SQL open comment protection (/*...) set to fail
+--INI--
+extension=mysqli.so
+suhosin.sql.bailout_on_error=0
+suhosin.sql.comment=0
+suhosin.sql.opencomment=2
+suhosin.sql.multiselect=0
+suhosin.sql.union=0
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = connect_mysqli_oostyle();
+$result = $mysqli->query("SELECT 1 /*");
+flush();
+echo "mark.";
+?>
+--EXPECTREGEX--
+ALERT - Open comment in SQL query.*\)
+\ No newline at end of file
diff --git a/tests/sql/mysqli_union.phpt b/tests/sql/mysqli_union.phpt
new file mode 100644
index 0000000..9af9c61
--- /dev/null
+++ b/tests/sql/mysqli_union.phpt
@@ -0,0 +1,26 @@
+--TEST--
+Mysqli query with UNION protection
+--INI--
+extension=mysqli.so
+suhosin.sql.bailout_on_error=0
+suhosin.sql.comment=0
+suhosin.sql.opencomment=0
+suhosin.sql.multiselect=0
+suhosin.sql.union=1
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = connect_mysqli_oostyle();
+$result = $mysqli->query("SELECT 1 UNION SELECT 2");
+flush();
+echo "mark.";
+?>
+--EXPECTREGEX--
+ALERT - UNION in SQL query.*mark.
+\ No newline at end of file
diff --git a/tests/sql/mysqli_union_fail.phpt b/tests/sql/mysqli_union_fail.phpt
new file mode 100644
index 0000000..ee51a79
--- /dev/null
+++ b/tests/sql/mysqli_union_fail.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Mysqli query with UNION protection set to fail
+--INI--
+extension=mysqli.so
+suhosin.sql.bailout_on_error=0
+suhosin.sql.comment=0
+suhosin.sql.opencomment=0
+suhosin.sql.multiselect=0
+suhosin.sql.union=2
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = connect_mysqli_oostyle();
+$result = $mysqli->query("SELECT 1 UNION SELECT 2");
+echo "mark.";
+?>
+--EXPECTREGEX--
+ALERT - UNION in SQL query.*\)
+\ No newline at end of file
diff --git a/tests/sql/mysqli_user_match_error.phpt b/tests/sql/mysqli_user_match_error.phpt
new file mode 100644
index 0000000..69db081
--- /dev/null
+++ b/tests/sql/mysqli_user_match_error.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Mysqli connect with user_match not matching username
+--INI--
+extension=mysqli.so
+suhosin.sql.user_match=complicated_userprefix*
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = new mysqli($host, 'invalid_username', $passwd, $db, $port, $socket);
+?>
+--EXPECTREGEX--
+ALERT - SQL username .* does not match.*
+\ No newline at end of file
diff --git a/tests/sql/mysqli_user_match_ok.phpt b/tests/sql/mysqli_user_match_ok.phpt
new file mode 100644
index 0000000..a2ad832
--- /dev/null
+++ b/tests/sql/mysqli_user_match_ok.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Mysqli connect with user_match matching username
+--INI--
+extension=mysqli.so
+suhosin.sql.user_match=invalid_*
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = new mysqli($host, 'invalid_username', $passwd, $db, $port, $socket);
+?>
+--EXPECTREGEX--
+.*Access denied for user 'invalid_username'.*
+\ No newline at end of file
diff --git a/tests/sql/mysqli_user_postfix.phpt b/tests/sql/mysqli_user_postfix.phpt
new file mode 100644
index 0000000..11e3fe6
--- /dev/null
+++ b/tests/sql/mysqli_user_postfix.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Mysqli connect with user_postfix
+--INI--
+extension=mysqli.so
+suhosin.sql.user_postfix=_post
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = new mysqli($host, 'invalid_username', $passwd, $db, $port, $socket);
+?>
+--EXPECTREGEX--
+.*Access denied for user 'invalid_username_post'.*
+\ No newline at end of file
diff --git a/tests/sql/mysqli_user_prefix.phpt b/tests/sql/mysqli_user_prefix.phpt
new file mode 100644
index 0000000..bb229f0
--- /dev/null
+++ b/tests/sql/mysqli_user_prefix.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Mysqli connect with user_prefix
+--INI--
+extension=mysqli.so
+suhosin.sql.user_prefix=pre_
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = new mysqli($host, 'invalid_username', $passwd, $db, $port, $socket);
+?>
+--EXPECTREGEX--
+.*Access denied for user 'pre_invalid_username'.*
+\ No newline at end of file
diff --git a/tests/sql/skipifmysqli.inc b/tests/sql/skipifmysqli.inc
new file mode 100644
index 0000000..ee16cf1
--- /dev/null
+++ b/tests/sql/skipifmysqli.inc
@@ -0,0 +1,5 @@
+<?php
+if (!extension_loaded("mysqli")) {
+        die('skip - mysqli extension not available');
+}
+?>
+\ No newline at end of file