Skip to content

Commit

Permalink
Add database escape tests
Browse files Browse the repository at this point in the history
  • Loading branch information
@MGatner
MGatner committed Sep 17, 2019
1 parent c3cc69b commit 2ef84c6
Show file tree
Hide file tree
Showing 2 changed files with 70 additions and 17 deletions.
17 changes: 0 additions & 17 deletions tests/system/Database/BaseConnectionTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -128,21 +128,4 @@ public function testStoresConnectionTimings()
$this->assertGreaterThan($start, $db->getConnectStart());
$this->assertGreaterThan(0.0, $db->getConnectDuration());
}

//--------------------------------------------------------------------

/**
* Ensures we don't have escaped - values...
*
* @see https://github.com/codeigniter4/CodeIgniter4/issues/606
*/
public function testEscapeProtectsNegativeNumbers()
{
$db = new MockConnection($this->options);

$db->initialize();

$this->assertEquals("'-100'", $db->escape(-100));
}

}
70 changes: 70 additions & 0 deletions tests/system/Database/Live/EscapeTest.php
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,70 @@
<?php namespace CodeIgniter\Database\Live;

use CodeIgniter\Test\CIDatabaseTestCase;

/**
* @group DatabaseLive
*/
class EscapeTest extends CIDatabaseTestCase
{
protected $refresh = false;

//--------------------------------------------------------------------

/**
* Ensures we don't have escaped - values...
*
* @see https://github.com/codeigniter4/CodeIgniter4/issues/606
*/
public function testEscapeProtectsNegativeNumbers()
{
$this->assertEquals("'-100'", $this->db->escape(-100));
}

//--------------------------------------------------------------------

public function testEscape()
{
$expected = "SELECT * FROM brands WHERE name = 'O\'Doules'";
$sql = "SELECT * FROM brands WHERE name = " . $this->db->escape("O'Doules");

$this->assertEquals($expected, $sql);
}

//--------------------------------------------------------------------

public function testEscapeString()
{
$expected = "SELECT * FROM brands WHERE name = 'O\'Doules'";
$sql = "SELECT * FROM brands WHERE name = '" . $this->db->escapeString("O'Doules") . "'";

$this->assertEquals($expected, $sql);
}

//--------------------------------------------------------------------

public function testEscapeLikeString()
{
$expected = "SELECT * FROM brands WHERE column LIKE '%10!% more%' ESCAPE '!'";
$sql = "SELECT * FROM brands WHERE column LIKE '%" . $this->db->escapeLikeString("10% more") . "%' ESCAPE '!'";

$this->assertEquals($expected, $sql);
}

//--------------------------------------------------------------------

public function testEscapeLikeStringDirect()
{
if ($this->db->DBDriver === 'MySQLi')
{
$expected = "SHOW COLUMNS FROM brands WHERE column LIKE 'wild\_chars%'";
$sql = "SHOW COLUMNS FROM brands WHERE column LIKE '". $this->db->escapeLikeStringDirect("wild_chars") . "%'";

$this->assertEquals($expected, $sql);
}
else
{
$this->expectNotToPerformAssertions();
}
}
}

0 comments on commit 2ef84c6

Please sign in to comment.