tests/Doctrine/Tests/DBAL/Functional/DataAccessTest.php 1 location
|
@@ 580-586 (lines=7) @@
|
| 577 |
|
$this->assertEquals(0, $row['locate9']); |
| 578 |
|
} |
| 579 |
|
|
| 580 |
|
/**
 * Regression check that Connection::quote() neutralises a quote-breaking
 * tautology payload when the value is concatenated into a SQL string.
 *
 * If quoting works, the payload is compared as one literal string and
 * matches no row. If quoting failed, the WHERE clause would collapse to
 * an always-true condition and return rows.
 *
 * NOTE(review): the assertion is only meaningful when fetch_table holds at
 * least one row; on an empty table it passes vacuously. The fixture setup
 * is not visible here, so confirm it inserts data.
 * NOTE(review): quote() plus concatenation is the subject under test here;
 * application code should prefer bound parameters.
 */
public function testQuoteSQLInjection()
{
    // Escape the hostile value first, then splice it into the statement.
    $quotedPayload = $this->_conn->quote("bar' OR '1'='1");
    $result = $this->_conn->fetchAll("SELECT * FROM fetch_table WHERE test_string = " . $quotedPayload);

    $this->assertEquals(0, count($result), "no result should be returned, otherwise SQL injection is possible");
}
| 587 |
|
|
| 588 |
|
/** |
| 589 |
|
* @group DDC-1213 |
tests/Doctrine/Tests/DBAL/Functional/WriteTest.php 1 location
|
@@ 40-46 (lines=7) @@
|
| 37 |
|
$this->assertTrue((bool)$this->_conn->fetchColumn($sql, array("text", 1111))); |
| 38 |
|
} |
| 39 |
|
|
| 40 |
|
/**
 * Verifies that executeUpdate() returns the affected-row count for a
 * single-row INSERT into write_table.
 *
 * The value is inlined through Connection::quote() and no parameter array
 * is passed, so this covers only the plain-SQL-string call path.
 *
 * NOTE(review): inlining a quote()d value is fine for a fixed test literal;
 * code handling external input should pass values as bound parameters.
 */
public function testExecuteUpdate()
{
    $quotedInt = $this->_conn->quote(1);
    $rowCount = $this->_conn->executeUpdate("INSERT INTO write_table (test_int) VALUES ( " . $quotedInt . ")");

    $this->assertEquals(1, $rowCount, "executeUpdate() should return the number of affected rows!");
}
| 47 |
|
|
| 48 |
|
public function testExecuteUpdateWithTypes() |
| 49 |
|
{ |