You are here

public function OrderByTest::testFieldEscaping in Drupal 8

Same name and namespace in other branches
  1. 9 core/tests/Drupal/Tests/Core/Database/OrderByTest.php \Drupal\Tests\Core\Database\OrderByTest::testFieldEscaping()

Tests that fields passed for ordering get escaped properly.

File

core/tests/Drupal/Tests/Core/Database/OrderByTest.php, line 44

Class

OrderByTest
Tests the orderBy() method of select queries.

Namespace

Drupal\Tests\Core\Database

Code

public function testFieldEscaping() {
  $this->query
    ->orderBy('x; DROP table node; --');
  $sql = $this->query
    ->__toString();
  $this
    ->assertStringEndsWith('ORDER BY xDROPtablenode ASC', $sql, 'Order by field is escaped correctly.');
}