authorFelipe Pena <felipe@php.net>2008-10-10 12:10:41 +0000
committerFelipe Pena <felipe@php.net>2008-10-10 12:10:41 +0000
commit1f54af9245c35f2ffdc8c708da9c8552ecada4f8 (patch)
tree25acb551517f76cfc15feca97e6c65b9dbb2b2a7 /ext/pdo_mysql
parentd77277c0e247e5d8d89d91e9a57aea8ed23d5995 (diff)
downloadphp-git-1f54af9245c35f2ffdc8c708da9c8552ecada4f8.tar.gz
MFH:
- Fixed bug #44251 (Question mark and an escaped single quote lead to an exception) - Fixed bug #41125 (PDO mysql + quote() + prepare() can result in seg fault) Patch by: tsteiner at nerdclub dot net
Diffstat (limited to 'ext/pdo_mysql')
-rw-r--r--ext/pdo_mysql/tests/bug41125.phpt162
1 files changed, 162 insertions, 0 deletions
diff --git a/ext/pdo_mysql/tests/bug41125.phpt b/ext/pdo_mysql/tests/bug41125.phpt
new file mode 100644
index 0000000000..5889a4d291
--- /dev/null
+++ b/ext/pdo_mysql/tests/bug41125.phpt
@@ -0,0 +1,162 @@
+--TEST--
+Bug #41125 (PDO mysql + quote() + prepare() can result in seg fault)
+--SKIPIF--
+<?php
+require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'skipif.inc');
+require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc');
+MySQLPDOTest::skip();
+
+?>
+--FILE--
+<?php
+
+require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc');
+
+$db = PDOTest::test_factory(dirname(__FILE__) . '/common.phpt');
+
+$search = "o'";
+$sql = "SELECT 1 FROM DUAL WHERE 'o''riley' LIKE " . $db->quote('%' . $search . '%');
+$stmt = $db->prepare($sql);
+$stmt->execute();
+print implode(' - ', (($r = @$stmt->fetch(PDO::FETCH_NUM)) ? $r : array())) ."\n";
+print implode(' - ', $stmt->errorinfo()) ."\n";
+
+print "-------------------------------------------------------\n";
+
+$queries = array(
+ "SELECT 1 FROM DUAL WHERE 1 = '?\'\''",
+ "SELECT 'a\\'0' FROM DUAL WHERE 1 = ?",
+ "SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\\'' AND ?",
+ "SELECT 'foo?bar', '', '''' FROM DUAL WHERE ?"
+);
+
+foreach ($queries as $k => $query) {
+ $stmt = $db->prepare($query);
+ $stmt->execute(array(1));
+ printf("[%d] Query: [[%s]]\n", $k + 1, $query);
+ print implode(' - ', (($r = @$stmt->fetch(PDO::FETCH_NUM)) ? $r : array())) ."\n";
+ print implode(' - ', $stmt->errorinfo()) ."\n";
+ print "--------\n";
+}
+
+$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1);
+$sql = "SELECT upper(:id) FROM DUAL WHERE '1'";
+$stmt = $db->prepare($sql);
+
+$id = 'o\'\0';
+$stmt->bindParam(':id', $id);
+$stmt->execute();
+printf("Query: [[%s]]\n", $sql);
+print implode(' - ', (($r = @$stmt->fetch(PDO::FETCH_NUM)) ? $r : array())) ."\n";
+print implode(' - ', $stmt->errorinfo()) ."\n";
+
+print "-------------------------------------------------------\n";
+
+$queries = array(
+ "SELECT 1, 'foo' FROM DUAL WHERE 1 = :id AND '\\0' IS NULL AND 2 <> :id",
+ "SELECT 1 FROM DUAL WHERE 1 = :id AND '' AND 2 <> :id",
+ "SELECT 1 FROM DUAL WHERE 1 = :id AND '\'\'' = '''' AND 2 <> :id",
+ "SELECT 1 FROM DUAL WHERE 1 = :id AND '\'' = '''' AND 2 <> :id",
+ "SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\\'' AND 1",
+ "SELECT 'a''', '\'b\'' FROM DUAL WHERE '''' LIKE '\\'' AND 1",
+ "SELECT UPPER(:id) FROM DUAL WHERE '1'",
+ "SELECT 1 FROM DUAL WHERE '\''",
+ "SELECT 1 FROM DUAL WHERE :id AND '\\0' OR :id",
+ "SELECT 1 FROM DUAL WHERE 'a\\f\\n\\0' AND 1 >= :id",
+ "SELECT 1 FROM DUAL WHERE '\'' = ''''",
+ "SELECT '\\n' '1 FROM DUAL WHERE '''' and :id'",
+ "SELECT 1 'FROM DUAL WHERE :id AND '''' = '''' OR 1 = 1 AND ':id",
+);
+
+$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1);
+$id = 1;
+
+foreach ($queries as $k => $query) {
+ $stmt = $db->prepare($query);
+ $stmt->bindParam(':id', $id);
+ $stmt->execute();
+
+ printf("[%d] Query: [[%s]]\n", $k + 1, $query);
+ print implode(' - ', (($r = @$stmt->fetch(PDO::FETCH_NUM)) ? $r : array())) ."\n";
+ print implode(' - ', $stmt->errorinfo()) ."\n";
+ print "--------\n";
+}
+
+?>
+--EXPECT--
+1
+00000
+-------------------------------------------------------
+[1] Query: [[SELECT 1 FROM DUAL WHERE 1 = '?\'\'']]
+
+00000
+--------
+[2] Query: [[SELECT 'a\'0' FROM DUAL WHERE 1 = ?]]
+a'0
+00000
+--------
+[3] Query: [[SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\'' AND ?]]
+a - b'
+00000
+--------
+[4] Query: [[SELECT 'foo?bar', '', '''' FROM DUAL WHERE ?]]
+foo?bar - - '
+00000
+--------
+Query: [[SELECT upper(:id) FROM DUAL WHERE '1']]
+O'\0
+00000
+-------------------------------------------------------
+[1] Query: [[SELECT 1, 'foo' FROM DUAL WHERE 1 = :id AND '\0' IS NULL AND 2 <> :id]]
+
+00000
+--------
+[2] Query: [[SELECT 1 FROM DUAL WHERE 1 = :id AND '' AND 2 <> :id]]
+
+00000
+--------
+[3] Query: [[SELECT 1 FROM DUAL WHERE 1 = :id AND '\'\'' = '''' AND 2 <> :id]]
+
+00000
+--------
+[4] Query: [[SELECT 1 FROM DUAL WHERE 1 = :id AND '\'' = '''' AND 2 <> :id]]
+1
+00000
+--------
+[5] Query: [[SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\'' AND 1]]
+a - b'
+00000
+--------
+[6] Query: [[SELECT 'a''', '\'b\'' FROM DUAL WHERE '''' LIKE '\'' AND 1]]
+a' - 'b'
+00000
+--------
+[7] Query: [[SELECT UPPER(:id) FROM DUAL WHERE '1']]
+1
+00000
+--------
+[8] Query: [[SELECT 1 FROM DUAL WHERE '\'']]
+
+00000
+--------
+[9] Query: [[SELECT 1 FROM DUAL WHERE :id AND '\0' OR :id]]
+1
+00000
+--------
+[10] Query: [[SELECT 1 FROM DUAL WHERE 'a\f\n\0' AND 1 >= :id]]
+
+00000
+--------
+[11] Query: [[SELECT 1 FROM DUAL WHERE '\'' = '''']]
+1
+00000
+--------
+[12] Query: [[SELECT '\n' '1 FROM DUAL WHERE '''' and :id']]
+
+1 FROM DUAL WHERE '' and :id
+00000
+--------
+[13] Query: [[SELECT 1 'FROM DUAL WHERE :id AND '''' = '''' OR 1 = 1 AND ':id]]
+1
+00000
+--------
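Review bot: The `@` on every `$stmt->fetch(PDO::FETCH_NUM)` call (lines 44, 60, 73 and 103 of the hunk) hides why a fetch fails, and because several cases legitimately expect an empty result line (query [1] in both loops, for instance), a suppressed failure is indistinguishable in --EXPECT-- from a correct no-row result. Printing an explicit marker keeps the expectation unambiguous, e.g. `print ($r = $stmt->fetch(PDO::FETCH_NUM)) ? implode(' - ', $r) : '(no row)';` with the expected blank lines updated accordingly. The second `$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1);` before the last loop appears redundant with the one set before the bindParam case, unless the intent is to make it explicit that both sections run under emulation; a one-line comment would clarify that. Since the fix is about how the emulated-prepare scanner treats escaped quotes, a case where a string literal ends in an escaped backslash immediately before its closing quote (SQL `'a\\'` followed by a placeholder) seems worth adding, as that is the boundary not yet covered by the queries listed here.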