
function CoderReviewSecurityTest::testSecuritySQLUnquotedPlaceholders in Coder 7

Same name and namespace in other branches
  1. 7.2 coder_review/tests/coder_review_security.test \CoderReviewSecurityTest::testSecuritySQLUnquotedPlaceholders()

File

coder_review/tests/coder_review_security.test, line 47

Class

CoderReviewSecurityTest

Code

/**
 * Exercises the review rule for unquoted SQL placeholders.
 *
 * A bare %s placeholder in a query string must be reported; the same
 * placeholder wrapped in single quotes ('%s') and an integer %d placeholder
 * must not be. The why: the escaping Drupal applies to a %s argument only
 * neutralises quote characters, so a string substituted outside quotes is
 * not delimited and can alter the query's structure, whereas %d is coerced
 * to an integer. The {foo} braces are Drupal's table-prefix syntax and are
 * incidental to the rule.
 */
function testSecuritySQLUnquotedPlaceholders() {
  // Snippets the reviewer must flag: %s without quotes, in a WHERE clause
  // and in INSERT value lists with and without a preceding value.
  $mustFail = array(
    '  $sql = "SELECT * FROM {foo} WHERE name=%s";',
    '  $sql = "INSERT INTO {foo} (%s)";',
    '  $sql = "INSERT INTO {foo} (1,%s)";',
    '  $sql = "INSERT INTO {foo} (1, %s)";',
  );
  foreach ($mustFail as $snippet) {
    $this->assertCoderReviewFail($snippet);
  }

  // Snippets the reviewer must accept: the same positions with a quoted
  // '%s', then with an unquoted %d.
  $mustPass = array(
    '  $sql = "SELECT * FROM {foo} WHERE name=\'%s\'";',
    '  $sql = "INSERT INTO {foo} (\'%s\')";',
    '  $sql = "INSERT INTO {foo} (1,\'%s\')";',
    '  $sql = "INSERT INTO {foo} (1, \'%s\')";',
    '  $sql = "SELECT * FROM {foo} WHERE name=%d";',
    '  $sql = "INSERT INTO {foo} (%d)";',
    '  $sql = "INSERT INTO {foo} (1,%d)";',
    '  $sql = "INSERT INTO {foo} (1, %d)";',
  );
  foreach ($mustPass as $snippet) {
    $this->assertCoderReviewPass($snippet);
  }
}