Annotation of embedaddon/php/ext/pdo_mysql/tests/bug41125.phpt, revision 1.1.1.1
1.1 misho 1: --TEST--
2: Bug #41125 (PDO mysql + quote() + prepare() can result in seg fault)
3: --SKIPIF--
4: <?php
// Skip guard for this PHPT: loads the shared skip helper and the MySQL PDO test
// helper, then defers to MySQLPDOTest::skip(). The conditions it checks live in
// those include files and are not visible here.
5: require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'skipif.inc');
6: require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc');
7: MySQLPDOTest::skip();
8:
9: ?>
10: --FILE--
11: <?php
// Regression script for the bug named in --TEST--: quote() output combined with
// prepare() must not crash, and quote characters inside SQL string literals must
// not confuse placeholder handling. Printed output is compared with --EXPECT--,
// so statement order and every printed string matter.
12:
13: require_once(dirname(__FILE__) . DIRECTORY_SEPARATOR . 'mysql_pdo_test.inc');
14:
// Connection comes from the shared test factory.
// NOTE(review): whether prepares are emulated at this point depends on that
// factory and is not visible here -- confirm before relying on it.
15: $db = PDOTest::test_factory(dirname(__FILE__) . '/common.phpt');
16:
// Case 1: a value containing a single quote goes through quote() and the result
// is concatenated into the statement text before prepare(). --EXPECT-- pins the
// outcome to the row "1" with SQLSTATE 00000.
// The concatenation is what this regression has to exercise; it is not a pattern
// to copy where a bound parameter would do.
17: $search = "o'";
18: $sql = "SELECT 1 FROM DUAL WHERE 'o''riley' LIKE " . $db->quote('%' . $search . '%');
19: $stmt = $db->prepare($sql);
20: $stmt->execute();
// fetch() warnings are silenced with @ and a false result is replaced by an
// empty array, so a query without a row prints a blank line. errorinfo() is
// printed right after, which keeps failures visible in the compared output.
21: print implode(' - ', (($r = @$stmt->fetch(PDO::FETCH_NUM)) ? $r : array())) ."\n";
22: print implode(' - ', $stmt->errorinfo()) ."\n";
23:
24: print "-------------------------------------------------------\n";
25:
// Case 2: positional placeholders next to string literals that contain `?`,
// backslash-escaped quotes (\') and doubled quotes (''). The strings are PHP
// double-quoted, so \' reaches SQL unchanged and \\ becomes a single backslash;
// the --EXPECT-- echo of each query shows the text that is actually prepared.
// Query 1 has its only `?` inside a literal; queries 2-4 end with a real `?`.
26: $queries = array(
27: "SELECT 1 FROM DUAL WHERE 1 = '?\'\''",
28: "SELECT 'a\\'0' FROM DUAL WHERE 1 = ?",
29: "SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\\'' AND ?",
30: "SELECT 'foo?bar', '', '''' FROM DUAL WHERE ?"
31: );
32:
// Every query is executed with the single value 1, including query 1 whose `?`
// sits inside a literal; --EXPECT-- requires SQLSTATE 00000 for all four.
33: foreach ($queries as $k => $query) {
34: $stmt = $db->prepare($query);
35: $stmt->execute(array(1));
36: printf("[%d] Query: [[%s]]\n", $k + 1, $query);
// Same print pattern as above: blank line when no row comes back, then errorinfo().
37: print implode(' - ', (($r = @$stmt->fetch(PDO::FETCH_NUM)) ? $r : array())) ."\n";
38: print implode(' - ', $stmt->errorinfo()) ."\n";
39: print "--------\n";
40: }
41:
// Case 3: enable PDO::ATTR_EMULATE_PREPARES and bind a named parameter whose
// value contains a quote and a backslash.
// NOTE(review): with emulation on, PDO is expected to substitute the value into
// the statement text itself, so correct escaping of the bound value is what
// keeps it inside the literal -- confirm against the driver.
42: $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1);
43: $sql = "SELECT upper(:id) FROM DUAL WHERE '1'";
44: $stmt = $db->prepare($sql);
45:
// Single-quoted PHP string: \' collapses to a quote, \0 stays as a backslash
// followed by the digit 0, so the bound value is o'\0 (no NUL byte).
46: $id = 'o\'\0';
// bindParam() binds $id by reference; its value is read when execute() runs.
47: $stmt->bindParam(':id', $id);
48: $stmt->execute();
49: printf("Query: [[%s]]\n", $sql);
// --EXPECT-- requires the value back unchanged apart from upper(): O'\0.
50: print implode(' - ', (($r = @$stmt->fetch(PDO::FETCH_NUM)) ? $r : array())) ."\n";
51: print implode(' - ', $stmt->errorinfo()) ."\n";
52:
53: print "-------------------------------------------------------\n";
54:
// Case 4: named placeholder :id mixed with literals holding \0, \', '' and other
// backslash sequences. Queries 5, 6, 8 and 11 contain no :id at all.
// In queries 12 and 13 the text :id also appears inside a quoted string; the
// --EXPECT-- row for query 12 shows that occurrence returned verbatim, i.e. not
// treated as a parameter. Query 13 additionally ends with a real :id.
55: $queries = array(
56: "SELECT 1, 'foo' FROM DUAL WHERE 1 = :id AND '\\0' IS NULL AND 2 <> :id",
57: "SELECT 1 FROM DUAL WHERE 1 = :id AND '' AND 2 <> :id",
58: "SELECT 1 FROM DUAL WHERE 1 = :id AND '\'\'' = '''' AND 2 <> :id",
59: "SELECT 1 FROM DUAL WHERE 1 = :id AND '\'' = '''' AND 2 <> :id",
60: "SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\\'' AND 1",
61: "SELECT 'a''', '\'b\'' FROM DUAL WHERE '''' LIKE '\\'' AND 1",
62: "SELECT UPPER(:id) FROM DUAL WHERE '1'",
63: "SELECT 1 FROM DUAL WHERE '\''",
64: "SELECT 1 FROM DUAL WHERE :id AND '\\0' OR :id",
65: "SELECT 1 FROM DUAL WHERE 'a\\f\\n\\0' AND 1 >= :id",
66: "SELECT 1 FROM DUAL WHERE '\'' = ''''",
67: "SELECT '\\n' '1 FROM DUAL WHERE '''' and :id'",
68: "SELECT 1 'FROM DUAL WHERE :id AND '''' = '''' OR 1 = 1 AND ':id",
69: );
70:
// Emulation was already enabled earlier in the script; it is set again here
// before the loop. The bound value for this group is the integer 1.
71: $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, 1);
72: $id = 1;
73:
// :id is bound for every query, including those where it does not occur outside
// a literal; --EXPECT-- requires SQLSTATE 00000 for all thirteen.
74: foreach ($queries as $k => $query) {
75: $stmt = $db->prepare($query);
76: $stmt->bindParam(':id', $id);
77: $stmt->execute();
78:
79: printf("[%d] Query: [[%s]]\n", $k + 1, $query);
// Blank line when no row comes back, then errorinfo(), as in the earlier cases.
80: print implode(' - ', (($r = @$stmt->fetch(PDO::FETCH_NUM)) ? $r : array())) ."\n";
81: print implode(' - ', $stmt->errorinfo()) ."\n";
82: print "--------\n";
83: }
84:
85: ?>
86: --EXPECT--
87: 1
88: 00000 - -
89: -------------------------------------------------------
90: [1] Query: [[SELECT 1 FROM DUAL WHERE 1 = '?\'\'']]
91:
92: 00000 - -
93: --------
94: [2] Query: [[SELECT 'a\'0' FROM DUAL WHERE 1 = ?]]
95: a'0
96: 00000 - -
97: --------
98: [3] Query: [[SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\'' AND ?]]
99: a - b'
100: 00000 - -
101: --------
102: [4] Query: [[SELECT 'foo?bar', '', '''' FROM DUAL WHERE ?]]
103: foo?bar - - '
104: 00000 - -
105: --------
106: Query: [[SELECT upper(:id) FROM DUAL WHERE '1']]
107: O'\0
108: 00000 - -
109: -------------------------------------------------------
110: [1] Query: [[SELECT 1, 'foo' FROM DUAL WHERE 1 = :id AND '\0' IS NULL AND 2 <> :id]]
111:
112: 00000 - -
113: --------
114: [2] Query: [[SELECT 1 FROM DUAL WHERE 1 = :id AND '' AND 2 <> :id]]
115:
116: 00000 - -
117: --------
118: [3] Query: [[SELECT 1 FROM DUAL WHERE 1 = :id AND '\'\'' = '''' AND 2 <> :id]]
119:
120: 00000 - -
121: --------
122: [4] Query: [[SELECT 1 FROM DUAL WHERE 1 = :id AND '\'' = '''' AND 2 <> :id]]
123: 1
124: 00000 - -
125: --------
126: [5] Query: [[SELECT 'a', 'b\'' FROM DUAL WHERE '''' LIKE '\'' AND 1]]
127: a - b'
128: 00000 - -
129: --------
130: [6] Query: [[SELECT 'a''', '\'b\'' FROM DUAL WHERE '''' LIKE '\'' AND 1]]
131: a' - 'b'
132: 00000 - -
133: --------
134: [7] Query: [[SELECT UPPER(:id) FROM DUAL WHERE '1']]
135: 1
136: 00000 - -
137: --------
138: [8] Query: [[SELECT 1 FROM DUAL WHERE '\'']]
139:
140: 00000 - -
141: --------
142: [9] Query: [[SELECT 1 FROM DUAL WHERE :id AND '\0' OR :id]]
143: 1
144: 00000 - -
145: --------
146: [10] Query: [[SELECT 1 FROM DUAL WHERE 'a\f\n\0' AND 1 >= :id]]
147:
148: 00000 - -
149: --------
150: [11] Query: [[SELECT 1 FROM DUAL WHERE '\'' = '''']]
151: 1
152: 00000 - -
153: --------
154: [12] Query: [[SELECT '\n' '1 FROM DUAL WHERE '''' and :id']]
155:
156: 1 FROM DUAL WHERE '' and :id
157: 00000 - -
158: --------
159: [13] Query: [[SELECT 1 'FROM DUAL WHERE :id AND '''' = '''' OR 1 = 1 AND ':id]]
160: 1
161: 00000 - -
162: --------