
function CoderSecurityTest::testSecuritySQLUnquotedPlaceholders in Coder 6.2

Same name and namespace in other branches
  1. 6 tests/coder_security.test \CoderSecurityTest::testSecuritySQLUnquotedPlaceholders()

File

tests/coder_security.test, line 41

Class

CoderSecurityTest

Code

/**
 * Coder must report SQL strings in which a %s placeholder is not quoted.
 *
 * Every snippet below is handed to the Coder review as a line of PHP source.
 * A %s that is not wrapped in single quotes has to produce a failure; a quoted
 * '%s' and a numeric %d have to be accepted. NOTE(review): the rule itself is
 * not visible here, but the expected outcomes suggest the check treats an
 * unquoted %s as a string argument reaching the query without delimiters.
 */
function testSecuritySQLUnquotedPlaceholders() {
  // Unquoted %s in several positions (WHERE clause, first and later VALUES
  // slots, with and without a space after the comma) — all must fail.
  $mustFail = array(
    '  $sql = "SELECT * FROM {foo} WHERE name=%s";',
    '  $sql = "INSERT INTO {foo} (%s)";',
    '  $sql = "INSERT INTO {foo} (1,%s)";',
    '  $sql = "INSERT INTO {foo} (1, %s)";',
  );

  // The same positions with a quoted '%s', then with %d — all must pass.
  $mustPass = array(
    '  $sql = "SELECT * FROM {foo} WHERE name=\'%s\'";',
    '  $sql = "INSERT INTO {foo} (\'%s\')";',
    '  $sql = "INSERT INTO {foo} (1,\'%s\')";',
    '  $sql = "INSERT INTO {foo} (1, \'%s\')";',
    '  $sql = "SELECT * FROM {foo} WHERE name=%d";',
    '  $sql = "INSERT INTO {foo} (%d)";',
    '  $sql = "INSERT INTO {foo} (1,%d)";',
    '  $sql = "INSERT INTO {foo} (1, %d)";',
  );

  // Failures are asserted first, then passes, matching the original ordering
  // of the assertions.
  foreach ($mustFail as $snippet) {
    $this->assertCoderFail($snippet);
  }
  foreach ($mustPass as $snippet) {
    $this->assertCoderPass($snippet);
  }
}