File: mysqli_real_escape_string_nobackslash.phpt

package info (click to toggle)

php8.2 8.2.29-1~deb12u1

links: PTS, VCS
area: main
in suites: bookworm-proposed-updates
size: 209,600 kB
sloc: ansic: 736,658; php: 33,046; sh: 11,432; cpp: 7,005; pascal: 4,448; javascript: 3,112; asm: 2,404; yacc: 2,222; xml: 1,784; makefile: 689; awk: 148

file content (65 lines) | stat: -rw-r--r-- 2,322 bytes

parent folder | download | duplicates (2)

--TEST--
mysqli_real_escape_string() - SQL Mode NO_BACKSLASH_ESCAPE
--EXTENSIONS--
mysqli
--SKIPIF--
<?php
require_once('skipifconnectfailure.inc');
?>
--FILE--
<?php
    require_once("connect.inc");
    require_once('table.inc');

    if (!mysqli_query($link, 'SET @@sql_mode="NO_BACKSLASH_ESCAPES"'))
        printf("[001] Cannot set NO_BACKSLASH_ESCAPES, [%d] %s\n", mysqli_errno($link), mysqli_error($link));

    if ('\\' !== ($tmp = mysqli_real_escape_string($link, '\\')))
        printf("[002] Expecting \\, got %s\n", $tmp);

    if ('"' !== ($tmp = mysqli_real_escape_string($link, '"')))
        printf("[003] Expecting \", got %s\n", $tmp);

    if ("''" !== ($tmp = mysqli_real_escape_string($link, "'")))
        printf("[004] Expecting '', got %s\n", $tmp);

    if ("\n" !== ($tmp = mysqli_real_escape_string($link, "\n")))
        printf("[005] Expecting \\n, got %s\n", $tmp);

    if ("\r" !== ($tmp = mysqli_real_escape_string($link, "\r")))
        printf("[006] Expecting \\r, got %s\n", $tmp);

    assert("foo" . chr(0) . "bar" === "foo" . chr(0) . "bar");
    if ("foo" . chr(0) . "bar" !== ($tmp = mysqli_real_escape_string($link, "foo" . chr(0) . "bar")))
        printf("[007] Expecting %s, got %s\n", "foo" . chr(0) . "bar", $tmp);

    if (!mysqli_query($link, sprintf('INSERT INTO test(id, label) VALUES (100, "%s")',
            mysqli_real_escape_string($link, "\\"))))
        printf("[009] Cannot INSERT, [%d] %s\n", mysqli_errno($link), mysqli_error($link));

    if (!($res = mysqli_query($link, 'SELECT label FROM test WHERE id = 100')) ||
            !($row = mysqli_fetch_assoc($res)))
        printf("[010] [%d] %s\n", mysqli_errno($link), mysqli_error($link));

    var_dump($row);
    mysqli_free_result($res);

    if (!mysqli_query($link, 'SET @@sql_mode=""'))
        printf("[011] Cannot disable NO_BACKSLASH_ESCAPES, [%d] %s\n", mysqli_errno($link), mysqli_error($link));

    if ('\\\\' !== ($tmp = mysqli_real_escape_string($link, '\\')))
        printf("[012] Expecting \\, got %s\n", $tmp);

    if ("foo\\0bar" !== ($tmp = mysqli_real_escape_string($link, "foo" . chr(0) . "bar")))
        printf("[013] Expecting %s, got %s\n", "foo" . chr(0) . "bar", $tmp);

    mysqli_close($link);

    print "done!";
?>
--EXPECT--
array(1) {
  ["label"]=>
  string(1) "\"
}
done!