From 93721fdd94f90d48b290749398a26cef277ad129 Mon Sep 17 00:00:00 2001
From: Ben Fuhrmannek
Date: Tue, 24 Jun 2014 16:56:21 +0200
Subject: Added SQL injection protection for Mysqli and several test cases

---
 tests/sql/mysqli_comment_conditional.phpt | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 tests/sql/mysqli_comment_conditional.phpt

(limited to 'tests/sql/mysqli_comment_conditional.phpt')

diff --git a/tests/sql/mysqli_comment_conditional.phpt b/tests/sql/mysqli_comment_conditional.phpt
new file mode 100644
index 0000000..0436c64
--- /dev/null
+++ b/tests/sql/mysqli_comment_conditional.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Mysqli query with SQL comment protection and MySQL condition (/*!...*/)
+--INI--
+extension=mysqli.so
+suhosin.sql.bailout_on_error=0
+suhosin.sql.comment=2
+suhosin.sql.opencomment=0
+suhosin.sql.multiselect=0
+suhosin.sql.union=0
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = connect_mysqli_oostyle();
+$result = $mysqli->query("SELECT 1 /*! ... */");
+flush();
+echo "mark.";
+?>
+--EXPECTF--
+mark.
\ No newline at end of file
-- 
cgit v1.3