
Commit 2ef84c6

committed
Add database escape tests
1 parent c3cc69b commit 2ef84c6

2 files changed

Lines changed: 70 additions & 17 deletions


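--- a/tests/system/Database/BaseConnectionTest.php
+++ b/tests/system/Database/BaseConnectionTest.php
@@ -128,21 +128,4 @@ public function testStoresConnectionTimings()
 $this->assertGreaterThan($start, $db->getConnectStart());
 $this->assertGreaterThan(0.0, $db->getConnectDuration());
 }
-
-//--------------------------------------------------------------------
-
-/**
-* Ensures we don't have escaped - values...
-*
-* @see https://github.com/codeigniter4/CodeIgniter4/issues/606
-*/
-public function testEscapeProtectsNegativeNumbers()
-{
-$db = new MockConnection($this->options);
-
-$db->initialize();
-
-$this->assertEquals("'-100'", $db->escape(-100));
-}
-
 }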
Lines changed: 70 additions & 0 deletions
@@ -0,0 +1,70 @@
1+
<?php namespace CodeIgniter\Database\Live;
2+
3+
use CodeIgniter\Test\CIDatabaseTestCase;
4+
5+
/**
6+
* @group DatabaseLive
7+
*/
8+
class EscapeTest extends CIDatabaseTestCase
9+
{
10+
protected $refresh = false;
11+
12+
//--------------------------------------------------------------------
13+
14+
/**
15+
* Ensures we don't have escaped - values...
16+
*
17+
* @see https://github.com/codeigniter4/CodeIgniter4/issues/606
18+
*/
19+
public function testEscapeProtectsNegativeNumbers()
20+
{
21+
$this->assertEquals("'-100'", $this->db->escape(-100));
22+
}
23+
24+
//--------------------------------------------------------------------
25+
26+
public function testEscape()
27+
{
28+
$expected = "SELECT * FROM brands WHERE name = 'O\'Doules'";
29+
$sql = "SELECT * FROM brands WHERE name = " . $this->db->escape("O'Doules");
30+
31+
$this->assertEquals($expected, $sql);
32+
}
33+
34+
//--------------------------------------------------------------------
35+
36+
public function testEscapeString()
37+
{
38+
$expected = "SELECT * FROM brands WHERE name = 'O\'Doules'";
39+
$sql = "SELECT * FROM brands WHERE name = '" . $this->db->escapeString("O'Doules") . "'";
40+
41+
$this->assertEquals($expected, $sql);
42+
}
43+
44+
//--------------------------------------------------------------------
45+
46+
public function testEscapeLikeString()
47+
{
48+
$expected = "SELECT * FROM brands WHERE column LIKE '%10!% more%' ESCAPE '!'";
49+
$sql = "SELECT * FROM brands WHERE column LIKE '%" . $this->db->escapeLikeString("10% more") . "%' ESCAPE '!'";
50+
51+
$this->assertEquals($expected, $sql);
52+
}
53+
54+
//--------------------------------------------------------------------
55+
56+
public function testEscapeLikeStringDirect()
57+
{
58+
if ($this->db->DBDriver === 'MySQLi')
59+
{
60+
$expected = "SHOW COLUMNS FROM brands WHERE column LIKE 'wild\_chars%'";
61+
$sql = "SHOW COLUMNS FROM brands WHERE column LIKE '". $this->db->escapeLikeStringDirect("wild_chars") . "%'";
62+
63+
$this->assertEquals($expected, $sql);
64+
}
65+
else
66+
{
67+
$this->expectNotToPerformAssertions();
68+
}
69+
}
70+
}
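Review bot: The expected strings in testEscape and testEscapeString hard-code the backslash form `'O\'Doules'`, yet the class sits in the DatabaseLive group and only testEscapeLikeStringDirect checks `$this->db->DBDriver`. A backslash in front of a quote is only an escape on servers that treat backslash as special, so on any other driver this assertion either fails or pins an output that would not neutralise the quote. Assuming the non-MySQLi drivers escape by doubling the quote (their code is not shown here), derive the character per driver, e.g. `$char = $this->db->DBDriver === 'MySQLi' ? '\\' : "'";` and build the expectation as `"... name = 'O{$char}'Doules'"`. Using `assertSame` instead of `assertEquals` would also pin that `escape(-100)` returns the quoted string rather than a loosely equal value.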
