
function CoderReviewSecurityTest::testSecuritySQLUnquotedPlaceholders in Coder 7.2

Same name and namespace in other branches
  1. 7 coder_review/tests/coder_review_security.test \CoderReviewSecurityTest::testSecuritySQLUnquotedPlaceholders()

Tests that the review detects unquoted string placeholders in SQL strings: a %s placeholder must be written as '%s', while an integer %d placeholder may stand unquoted.

File

coder_review/tests/coder_review_security.test, line 67

Class

CoderReviewSecurityTest
Tests the Coder_review functionality to detect security-related rules.

Code

function testSecuritySQLUnquotedPlaceholders() {
  // A bare %s is only escaped, never delimited, so these must fail.
  $this
    ->assertCoderReviewFail('  $sql = "SELECT * FROM {foo} WHERE name=%s";');
  $this
    ->assertCoderReviewFail('  $sql = "INSERT INTO {foo} (%s)";');
  $this
    ->assertCoderReviewFail('  $sql = "INSERT INTO {foo} (1,%s)";');
  $this
    ->assertCoderReviewFail('  $sql = "INSERT INTO {foo} (1, %s)";');
  // The same placeholders wrapped in single quotes are correct.
  $this
    ->assertCoderReviewPass('  $sql = "SELECT * FROM {foo} WHERE name=\'%s\'";');
  $this
    ->assertCoderReviewPass('  $sql = "INSERT INTO {foo} (\'%s\')";');
  $this
    ->assertCoderReviewPass('  $sql = "INSERT INTO {foo} (1,\'%s\')";');
  $this
    ->assertCoderReviewPass('  $sql = "INSERT INTO {foo} (1, \'%s\')";');
  // %d is cast to an integer, so it needs no quotes.
  $this
    ->assertCoderReviewPass('  $sql = "SELECT * FROM {foo} WHERE name=%d";');
  $this
    ->assertCoderReviewPass('  $sql = "INSERT INTO {foo} (%d)";');
  $this
    ->assertCoderReviewPass('  $sql = "INSERT INTO {foo} (1,%d)";');
  $this
    ->assertCoderReviewPass('  $sql = "INSERT INTO {foo} (1, %d)";');
}
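The rule this test pins down, and the reason it is a security rule rather than a style rule, as an added example in Python. This is not Coder's own PHP implementation and not Drupal's db_query(): the checker reproduces the twelve verdicts the test asserts with a single regular expression, and the interpolate() model assumes the printf-style substitution behaviour of the old db_query() wrapper, where %s only backslash-escapes the argument (it never adds the surrounding quotes) and %d casts it to an integer. The function names review_passes, unquoted_string_placeholders, interpolate and demo are this example's own; the payloads are constructed.

```python
import re
from typing import List, Tuple

# A %s that is not written as '%s': either there is no opening quote directly
# before it, or no closing quote directly after it.
_UNQUOTED_S = re.compile(r"(?<!')%s|%s(?!')")


def unquoted_string_placeholders(line: str) -> List[int]:
    """Offsets of every %s in `line` that is not enclosed in single quotes."""
    return [m.start() for m in _UNQUOTED_S.finditer(line)]


def review_passes(line: str) -> bool:
    """Verdict in the spirit of assertCoderReviewPass/Fail: True means no finding."""
    return not unquoted_string_placeholders(line)


def escape_string(value: str) -> str:
    """Backslash-escape the characters mysql_real_escape_string() escapes.

    Note what it does NOT do: it never adds the surrounding quotes, so the
    caller's template must supply them."""
    table = {"\\": "\\\\", "'": "\\'", '"': '\\"', "\0": "\\0",
             "\n": "\\n", "\r": "\\r", "\x1a": "\\Z"}
    return "".join(table.get(ch, ch) for ch in value)


def php_int_cast(value) -> int:
    """Approximate PHP's (int) cast: leading integer digits, else 0."""
    m = re.match(r"\s*([+-]?\d+)", str(value))
    return int(m.group(1)) if m else 0


def interpolate(sql: str, *args) -> str:
    """Substitute %s (escaped string) and %d (int cast) left to right.

    Assumed simplified model of a printf-style db_query() wrapper; %% literals
    are not handled because the page's test does not exercise them."""
    remaining = list(args)

    def sub(m):
        value = remaining.pop(0)
        if m.group(0) == "%d":
            return str(php_int_cast(value))
        return escape_string(str(value))

    return re.sub(r"%[sd]", sub, sql)


def demo(payload: str = "1 OR 1=1") -> Tuple[str, str, str]:
    """Push one constructed payload through the three template forms the test
    distinguishes: bare %s (fails review), '%s' (passes) and %d (passes)."""
    unquoted = interpolate("SELECT * FROM {foo} WHERE name=%s", payload)
    quoted = interpolate("SELECT * FROM {foo} WHERE name='%s'", payload)
    integer = interpolate("SELECT * FROM {foo} WHERE name=%d", payload)
    return unquoted, quoted, integer


if __name__ == "__main__":
    for sql in demo():
        print(sql)
```

Running demo() shows the point: with the payload `1 OR 1=1`, the bare `%s` template becomes `WHERE name=1 OR 1=1` (escaping had nothing to escape, because the payload contains no quote), the `'%s'` template becomes `WHERE name='1 OR 1=1'` (a harmless string literal), and `%d` collapses the payload to `name=1`. Escaping protects only the inside of a quoted literal, which is why a `%s` without quotes is a finding regardless of what surrounds it, and why `%d` is exempt. The regex is deliberately no smarter than the twelve cases on this page; a `%%` literal next to `%s`, as in a LIKE pattern, is outside what the test covers.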