function CoderReviewSecurityTest::testSecuritySQLUnquotedPlaceholders in Coder 7
Same name and namespace in other branches
- 7.2 coder_review/tests/coder_review_security.test \CoderReviewSecurityTest::testSecuritySQLUnquotedPlaceholders()
File
coder_review/tests/coder_review_security.test, line 47
/**
 * Checks the review rule for unquoted string placeholders in SQL.
 *
 * A bare %s placeholder inside an SQL string literal is expected to be
 * reported by the review, because the substituted string is not delimited
 * by quotes. A quoted '%s' placeholder and a numeric %d placeholder are
 * expected to pass.
 */
function testSecuritySQLUnquotedPlaceholders() {
  // Snippets the review must flag: %s used without surrounding quotes.
  $flagged = array(
    ' $sql = "SELECT * FROM {foo} WHERE name=%s";',
    ' $sql = "INSERT INTO {foo} (%s)";',
    ' $sql = "INSERT INTO {foo} (1,%s)";',
    ' $sql = "INSERT INTO {foo} (1, %s)";',
  );
  foreach ($flagged as $snippet) {
    $this->assertCoderReviewFail($snippet);
  }

  // Snippets the review must accept: quoted '%s', then numeric %d.
  $accepted = array(
    ' $sql = "SELECT * FROM {foo} WHERE name=\'%s\'";',
    ' $sql = "INSERT INTO {foo} (\'%s\')";',
    ' $sql = "INSERT INTO {foo} (1,\'%s\')";',
    ' $sql = "INSERT INTO {foo} (1, \'%s\')";',
    ' $sql = "SELECT * FROM {foo} WHERE name=%d";',
    ' $sql = "INSERT INTO {foo} (%d)";',
    ' $sql = "INSERT INTO {foo} (1,%d)";',
    ' $sql = "INSERT INTO {foo} (1, %d)";',
  );
  foreach ($accepted as $snippet) {
    $this->assertCoderReviewPass($snippet);
  }
}