From 93721fdd94f90d48b290749398a26cef277ad129 Mon Sep 17 00:00:00 2001
From: Ben Fuhrmannek
Date: Tue, 24 Jun 2014 16:56:21 +0200
Subject: Added SQL injection protection for Mysqli and several test cases
---
tests/sql/mysqli_comment_sqlstyle.phpt | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
create mode 100644 tests/sql/mysqli_comment_sqlstyle.phpt
(limited to 'tests/sql/mysqli_comment_sqlstyle.phpt')
diff --git a/tests/sql/mysqli_comment_sqlstyle.phpt b/tests/sql/mysqli_comment_sqlstyle.phpt
new file mode 100644
index 0000000..c32c76a
--- /dev/null
+++ b/tests/sql/mysqli_comment_sqlstyle.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Mysqli query with SQL comment (--) protection
+--INI--
+extension=mysqli.so
+suhosin.sql.bailout_on_error=0
+suhosin.sql.comment=1
+suhosin.sql.opencomment=0
+suhosin.sql.multiselect=0
+suhosin.sql.union=0
+suhosin.log.stdout=32
+--SKIPIF--
+
+--FILE--
+query("SELECT 1 -- injection");
+flush();
+echo "mark.";
+?>
+--EXPECTREGEX--
+ALERT - Comment in SQL query.*mark.
\ No newline at end of file
-- 
cgit v1.3
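Review bot: The `--EXPECTREGEX--` pattern `ALERT - Comment in SQL query.*mark.` is looser than the test needs. The final `.` is an unescaped wildcard, and `.*` accepts anything between the alert and the marker, so an extra alert from another filter or a PHP warning in between would still pass. At minimum I would write `ALERT - Comment in SQL query.*mark\.`. The `--TEST--` title could also say that this case covers the log-and-continue path only, since `suhosin.sql.bailout_on_error=0` and the `echo "mark."` check pin detection, not blocking of the query. The hunk header declares 25 added lines but fewer are visible here, so the `--SKIPIF--` body and the opening lines of `--FILE--` cannot be judged from this view.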