Annotation of embedaddon/php/ext/pdo_mysql/tests/bug41125.phpt, revision 1.1
1.1 ! misho 1: --TEST--
! 2: Bug #41125 (PDO mysql + quote() + prepare() can result in seg fault)
! 3: --SKIPIF--
! 4: <?php
// SKIPIF section: load the shared skip helper and the MySQL PDO test helper
// that live next to this test, then run the helper's skip check.
// NOTE(review): MySQLPDOTest::skip() is defined in mysql_pdo_test.inc (not
// shown here); presumably it reports "skip" when no usable server is configured.
require_once dirname(__FILE__) . DIRECTORY_SEPARATOR . 'skipif.inc';
require_once dirname(__FILE__) . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc';

MySQLPDOTest::skip();
! 8:
! 9: ?>
! 10: --FILE--
! 11: <?php
! 12:
// Load the MySQL PDO test helper and obtain the connection under test from
// the shared factory.
require_once dirname(__FILE__) . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc';

$db = PDOTest::test_factory(dirname(__FILE__) . '/common.phpt');

// Regression case from the bug title: SQL text that already holds a literal
// with a doubled quote ('o''riley') is extended with a PDO::quote()d LIKE
// pattern and then handed to prepare(). The title reports a segfault for this
// quote() + prepare() combination.
// The quoted value is concatenated into the statement only to reproduce that
// path; application code should bind the pattern as a parameter instead.
$needle = "o'";
$quotedPattern = $db->quote('%' . $needle . '%');
$sql = "SELECT 1 FROM DUAL WHERE 'o''riley' LIKE " . $quotedPattern;

// $stmt keeps its name on purpose: later sections overwrite it, which is what
// releases this statement before the next one is executed.
$stmt = $db->prepare($sql);
$stmt->execute();

// fetch() warnings are silenced with @; any failure is still visible through
// the errorInfo() line printed right after the row.
$row = @$stmt->fetch(PDO::FETCH_NUM);
if (!$row) {
    $row = array();
}
echo implode(' - ', $row), "\n";
echo implode(' - ', $stmt->errorInfo()), "\n";

echo "-------------------------------------------------------\n";
! 25:
// Positional-placeholder cases. Every statement mixes `?` with string literals
// containing backslash-escaped quotes, doubled quotes or an embedded `?`, so
// the placeholder scanner has to tell literal text from real parameters.
// In the first query the only `?` sits inside a quoted literal.
// These run in whatever prepare mode the factory left active (not shown here).
// NOTE(review): the backslash-escaped literals presumably rely on the server
// treating backslash as an escape character (sql_mode without
// NO_BACKSLASH_ESCAPES) -- confirm against the test environment.
$queries = array(
    "SELECT 1 FROM DUAL WHERE 1 = '?\'\''",
    "SELECT 'a\\'0' FROM DUAL WHERE 1 = ?",
    "SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\\'' AND ?",
    "SELECT 'foo?bar', '', '''' FROM DUAL WHERE ?"
);

$caseNo = 0;
foreach ($queries as $query) {
    $caseNo++;

    // One value is always supplied, even for the query whose `?` is literal text.
    $stmt = $db->prepare($query);
    $stmt->execute(array(1));

    printf("[%d] Query: [[%s]]\n", $caseNo, $query);

    // @ hides fetch() warnings; the SQLSTATE line below still reports errors.
    $row = @$stmt->fetch(PDO::FETCH_NUM);
    if (!$row) {
        $row = array();
    }
    echo implode(' - ', $row), "\n";
    echo implode(' - ', $stmt->errorInfo()), "\n";
    echo "--------\n";
}
! 41:
// From here on prepares are emulated: PDO scans the SQL text itself and
// inlines bound values, so correct escaping of the value is PDO's job.
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1);

// Bound value with a single quote followed by a literal backslash and "0"
// (single-quoted PHP string, so this is not a NUL byte). The EXPECT section
// shows it coming back upper-cased and otherwise intact, i.e. it stayed
// inside the parameter rather than altering the statement.
$id = 'o\'\0';

$sql = "SELECT upper(:id) FROM DUAL WHERE '1'";
$stmt = $db->prepare($sql);
$stmt->bindParam(':id', $id);
$stmt->execute();

printf("Query: [[%s]]\n", $sql);

// @ hides fetch() warnings; errorInfo() on the next line still reports errors.
$row = @$stmt->fetch(PDO::FETCH_NUM);
if (!$row) {
    $row = array();
}
echo implode(' - ', $row), "\n";
echo implode(' - ', $stmt->errorInfo()), "\n";

echo "-------------------------------------------------------\n";
! 54:
// Named-placeholder cases under emulated prepares. `:id` appears as a real
// placeholder next to literals with backslash escapes and doubled quotes, and
// in the last two queries it also appears inside a quoted literal. The EXPECT
// section shows the second-to-last query returning that literal text with
// `:id` left unsubstituted.
// NOTE(review): the backslash-escaped literals presumably rely on the server
// treating backslash as an escape character (sql_mode without
// NO_BACKSLASH_ESCAPES) -- confirm against the test environment.
$queries = array(
    "SELECT 1, 'foo' FROM DUAL WHERE 1 = :id AND '\\0' IS NULL AND 2 <> :id",
    "SELECT 1 FROM DUAL WHERE 1 = :id AND '' AND 2 <> :id",
    "SELECT 1 FROM DUAL WHERE 1 = :id AND '\'\'' = '''' AND 2 <> :id",
    "SELECT 1 FROM DUAL WHERE 1 = :id AND '\'' = '''' AND 2 <> :id",
    "SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\\'' AND 1",
    "SELECT 'a''', '\'b\'' FROM DUAL WHERE '''' LIKE '\\'' AND 1",
    "SELECT UPPER(:id) FROM DUAL WHERE '1'",
    "SELECT 1 FROM DUAL WHERE '\''",
    "SELECT 1 FROM DUAL WHERE :id AND '\\0' OR :id",
    "SELECT 1 FROM DUAL WHERE 'a\\f\\n\\0' AND 1 >= :id",
    "SELECT 1 FROM DUAL WHERE '\'' = ''''",
    "SELECT '\\n' '1 FROM DUAL WHERE '''' and :id'",
    "SELECT 1 'FROM DUAL WHERE :id AND '''' = '''' OR 1 = 1 AND ':id",
);

// Emulation is (re)enabled here so this section does not depend on earlier state.
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1);
$id = 1;

foreach ($queries as $index => $query) {
    // bindParam() is called for every query, including those with no
    // placeholder outside a literal.
    $stmt = $db->prepare($query);
    $stmt->bindParam(':id', $id);
    $stmt->execute();

    printf("[%d] Query: [[%s]]\n", $index + 1, $query);

    // @ hides fetch() warnings; the SQLSTATE line below still reports errors.
    $row = @$stmt->fetch(PDO::FETCH_NUM);
    if (!$row) {
        $row = array();
    }
    echo implode(' - ', $row), "\n";
    echo implode(' - ', $stmt->errorInfo()), "\n";
    echo "--------\n";
}
! 84:
! 85: ?>
! 86: --EXPECT--
! 87: 1
! 88: 00000 - -
! 89: -------------------------------------------------------
! 90: [1] Query: [[SELECT 1 FROM DUAL WHERE 1 = '?\'\'']]
! 91:
! 92: 00000 - -
! 93: --------
! 94: [2] Query: [[SELECT 'a\'0' FROM DUAL WHERE 1 = ?]]
! 95: a'0
! 96: 00000 - -
! 97: --------
! 98: [3] Query: [[SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\'' AND ?]]
! 99: a - b'
! 100: 00000 - -
! 101: --------
! 102: [4] Query: [[SELECT 'foo?bar', '', '''' FROM DUAL WHERE ?]]
! 103: foo?bar - - '
! 104: 00000 - -
! 105: --------
! 106: Query: [[SELECT upper(:id) FROM DUAL WHERE '1']]
! 107: O'\0
! 108: 00000 - -
! 109: -------------------------------------------------------
! 110: [1] Query: [[SELECT 1, 'foo' FROM DUAL WHERE 1 = :id AND '\0' IS NULL AND 2 <> :id]]
! 111:
! 112: 00000 - -
! 113: --------
! 114: [2] Query: [[SELECT 1 FROM DUAL WHERE 1 = :id AND '' AND 2 <> :id]]
! 115:
! 116: 00000 - -
! 117: --------
! 118: [3] Query: [[SELECT 1 FROM DUAL WHERE 1 = :id AND '\'\'' = '''' AND 2 <> :id]]
! 119:
! 120: 00000 - -
! 121: --------
! 122: [4] Query: [[SELECT 1 FROM DUAL WHERE 1 = :id AND '\'' = '''' AND 2 <> :id]]
! 123: 1
! 124: 00000 - -
! 125: --------
! 126: [5] Query: [[SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\'' AND 1]]
! 127: a - b'
! 128: 00000 - -
! 129: --------
! 130: [6] Query: [[SELECT 'a''', '\'b\'' FROM DUAL WHERE '''' LIKE '\'' AND 1]]
! 131: a' - 'b'
! 132: 00000 - -
! 133: --------
! 134: [7] Query: [[SELECT UPPER(:id) FROM DUAL WHERE '1']]
! 135: 1
! 136: 00000 - -
! 137: --------
! 138: [8] Query: [[SELECT 1 FROM DUAL WHERE '\'']]
! 139:
! 140: 00000 - -
! 141: --------
! 142: [9] Query: [[SELECT 1 FROM DUAL WHERE :id AND '\0' OR :id]]
! 143: 1
! 144: 00000 - -
! 145: --------
! 146: [10] Query: [[SELECT 1 FROM DUAL WHERE 'a\f\n\0' AND 1 >= :id]]
! 147:
! 148: 00000 - -
! 149: --------
! 150: [11] Query: [[SELECT 1 FROM DUAL WHERE '\'' = '''']]
! 151: 1
! 152: 00000 - -
! 153: --------
! 154: [12] Query: [[SELECT '\n' '1 FROM DUAL WHERE '''' and :id']]
! 155:
! 156: 1 FROM DUAL WHERE '' and :id
! 157: 00000 - -
! 158: --------
! 159: [13] Query: [[SELECT 1 'FROM DUAL WHERE :id AND '''' = '''' OR 1 = 1 AND ':id]]
! 160: 1
! 161: 00000 - -
! 162: --------