1 files changed, 25 insertions, 0 deletions
diff --git a/tests/sql/mysqli_comment_sqlstyle.phpt b/tests/sql/mysqli_comment_sqlstyle.phpt
new file mode 100644
index 0000000..c32c76a
--- /dev/null
+++ b/tests/sql/mysqli_comment_sqlstyle.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Mysqli query with SQL comment (--) protection
+--INI--
+extension=mysqli.so
+suhosin.sql.bailout_on_error=0
+suhosin.sql.comment=1
+suhosin.sql.opencomment=0
+suhosin.sql.multiselect=0
+suhosin.sql.union=0
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = connect_mysqli_oostyle();
+$result = $mysqli->query("SELECT 1 -- injection");
+flush();
+echo "mark.";
+?>
+--EXPECTREGEX--
+ALERT - Comment in SQL query.*mark.
+\ No newline at end of file

diff --git a/tests/sql/mysqli_comment_sqlstyle.phpt b/tests/sql/mysqli_comment_sqlstyle.phpt new file mode 100644 index 0000000..c32c76a --- /dev/null +++ b/tests/sql/mysqli_comment_sqlstyle.phpt
@@ -0,0 +1,25 @@
	1	--TEST--
	2	Mysqli query with SQL comment (--) protection
	3	--INI--
	4	extension=mysqli.so
	5	suhosin.sql.bailout_on_error=0
	6	suhosin.sql.comment=1
	7	suhosin.sql.opencomment=0
	8	suhosin.sql.multiselect=0
	9	suhosin.sql.union=0
	10	suhosin.log.stdout=32
	11	--SKIPIF--
	12	<?php
	13	include('skipifmysqli.inc');
	14	include('skipif.inc');
	15	?>
	16	--FILE--
	17	<?php
	18	include('connect.inc');
	19	$mysqli = connect_mysqli_oostyle();
	20	$result = $mysqli->query("SELECT 1 -- injection");
	21	flush();
	22	echo "mark.";
	23	?>
	24	--EXPECTREGEX--
	25	ALERT - Comment in SQL query.*mark. \ No newline at end of file