File: 08escape.phpt

package info (click to toggle)
php8.4 8.4.16-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 211,276 kB
  • sloc: ansic: 1,176,142; php: 35,419; sh: 11,964; cpp: 7,208; pascal: 4,951; javascript: 3,091; asm: 2,817; yacc: 2,411; makefile: 696; xml: 446; python: 301; awk: 148
file content (120 lines) | stat: -rw-r--r-- 3,120 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
 
--TEST--
PostgreSQL escape functions
--EXTENSIONS--
pgsql
--SKIPIF--
<?php include("inc/skipif.inc"); ?>
--FILE--
<?php

include 'inc/config.inc';
$table_name = "table_08escape";

define('FILE_NAME', __DIR__ . '/php.gif');

// pg_escape_string() test
$before = "ABC\\ABC\'";
$expect  = "ABC\\\\ABC\\'";
$expect2  = "ABC\\\\ABC\\\\''"; //the way escape string differs from PostgreSQL 9.0
$after = pg_escape_string($before);
if ($expect === $after || $expect2 === $after) {
    echo "pg_escape_string() is Ok\n";
}
else {
    echo "pg_escape_string() is NOT Ok\n";
    var_dump($before);
    var_dump($after);
    var_dump($expect);
}

// pg_escape_bytea() test
$before = "ABC\\ABC";
$expect  = "ABC\\\\\\\\ABC";
$after  = pg_escape_bytea($before);
if ($expect === $after) {
    echo "pg_escape_bytea() is Ok\n";
}
else {
    echo "pg_escape_byte() is NOT Ok\n";
    var_dump($before);
    var_dump($after);
    var_dump($expect);
}

// Test using database
$data = file_get_contents(FILE_NAME);
$db   = pg_connect($conn_str);
pg_query($db, "CREATE TABLE {$table_name} (num int, str text, bin bytea)");

// Insert binary to DB
$escaped_data = pg_escape_bytea($db, $data);
pg_query($db, "DELETE FROM ".$table_name." WHERE num = 10000;");
$sql = "INSERT INTO ".$table_name." (num, bin) VALUES (10000, CAST ('".$escaped_data."' AS BYTEA));";
pg_query($db, $sql);

// Retrieve binary from DB
for ($i = 0; $i < 2; $i++) {
    $sql = "SELECT bin::bytea FROM ".$table_name." WHERE num = 10000";
    $result = pg_query($db, $sql);
    $row = pg_fetch_array($result, 0, PGSQL_ASSOC);

    if ($data === pg_unescape_bytea($row['bin'])) {
        echo "pg_escape_bytea() actually works with database\n";
        break;
    }
    elseif (!$i) {
        // Force bytea escaping and retry
        @pg_query($db, "SET bytea_output = 'escape'");
    }
    else {
        $result = pg_query($db, $sql);
        echo "pg_escape_bytea() is broken\n";
        break;
    }
}

// pg_escape_literal/pg_escape_identifier
$before = "ABC\\ABC\'";
$expect	 = " E'ABC\\\\ABC\\\\'''";
$after = pg_escape_literal($db, $before);
if ($expect === $after) {
    echo "pg_escape_literal() is Ok\n";
}
else {
    echo "pg_escape_literal() is NOT Ok\n";
    var_dump($before);
    var_dump($after);
    var_dump($expect);
}

$before = "ABC\\ABC\'";
$expect	 = "\"ABC\ABC\'\"";
$after = pg_escape_identifier($db, $before);
if ($expect === $after) {
    echo "pg_escape_identifier() is Ok\n";
}
else {
    echo "pg_escape_identifier() is NOT Ok\n";
    var_dump($before);
    var_dump($after);
    var_dump($expect);
}

?>
--CLEAN--
<?php
include('inc/config.inc');
$table_name = "table_08escape";

$db = pg_connect($conn_str);
pg_query($db, "DROP TABLE IF EXISTS {$table_name}");
?>
--EXPECTF--
Deprecated: pg_escape_string(): Automatic fetching of PostgreSQL connection is deprecated in %s on line %d
pg_escape_string() is Ok

Deprecated: pg_escape_bytea(): Automatic fetching of PostgreSQL connection is deprecated in %s on line %d
pg_escape_bytea() is Ok
pg_escape_bytea() actually works with database
pg_escape_literal() is Ok
pg_escape_identifier() is Ok