From 2ef84c613f82dd2581c7bb2ba33fa825e6c43db8 Mon Sep 17 00:00:00 2001
From: MGatner
Date: Tue, 17 Sep 2019 13:50:29 -0400
Subject: [PATCH] Add database escape tests
---
tests/system/Database/BaseConnectionTest.php | 17 -----
tests/system/Database/Live/EscapeTest.php | 70 ++++++++++++++++++++
2 files changed, 70 insertions(+), 17 deletions(-)
create mode 100644 tests/system/Database/Live/EscapeTest.php
diff --git a/tests/system/Database/BaseConnectionTest.php b/tests/system/Database/BaseConnectionTest.php
index 5dcd6d770cec..1439b755dd99 100644
--- a/tests/system/Database/BaseConnectionTest.php
+++ b/tests/system/Database/BaseConnectionTest.php
@@ -128,21 +128,4 @@ public function testStoresConnectionTimings()
 $this->assertGreaterThan($start, $db->getConnectStart());
 $this->assertGreaterThan(0.0, $db->getConnectDuration());
 }
-
- //--------------------------------------------------------------------
-
- /**
- * Ensures we don't have escaped - values...
- *
- * @see https://github.com/codeigniter4/CodeIgniter4/issues/606
- */
- public function testEscapeProtectsNegativeNumbers()
- {
- $db = new MockConnection($this->options);
-
- $db->initialize();
-
- $this->assertEquals("'-100'", $db->escape(-100));
- }
-
 }
diff --git a/tests/system/Database/Live/EscapeTest.php b/tests/system/Database/Live/EscapeTest.php
new file mode 100644
index 000000000000..c4a635bd99ff
--- /dev/null
+++ b/tests/system/Database/Live/EscapeTest.php
@@ -0,0 +1,70 @@
+assertEquals("'-100'", $this->db->escape(-100));
+ }
+
+ //--------------------------------------------------------------------
+
+ public function testEscape()
+ {
+ $expected = "SELECT * FROM brands WHERE name = 'O\'Doules'";
+ $sql = "SELECT * FROM brands WHERE name = " . $this->db->escape("O'Doules");
+
+ $this->assertEquals($expected, $sql);
+ }
+
+ //--------------------------------------------------------------------
+
+ public function testEscapeString()
+ {
+ $expected = "SELECT * FROM brands WHERE name = 'O\'Doules'";
+ $sql = "SELECT * FROM brands WHERE name = '" . $this->db->escapeString("O'Doules") . "'";
+
+ $this->assertEquals($expected, $sql);
+ }
+
+ //--------------------------------------------------------------------
+
+ public function testEscapeLikeString()
+ {
+ $expected = "SELECT * FROM brands WHERE column LIKE '%10!% more%' ESCAPE '!'";
+ $sql = "SELECT * FROM brands WHERE column LIKE '%" . $this->db->escapeLikeString("10% more") . "%' ESCAPE '!'";
+
+ $this->assertEquals($expected, $sql);
+ }
+
+ //--------------------------------------------------------------------
+
+ public function testEscapeLikeStringDirect()
+ {
+ if ($this->db->DBDriver === 'MySQLi')
+ {
+ $expected = "SHOW COLUMNS FROM brands WHERE column LIKE 'wild\_chars%'";
+ $sql = "SHOW COLUMNS FROM brands WHERE column LIKE '". $this->db->escapeLikeStringDirect("wild_chars") . "%'";
+
+ $this->assertEquals($expected, $sql);
+ }
+ else
+ {
+ $this->expectNotToPerformAssertions();
+ }
+ }
+}
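Review bot: testEscape and testEscapeString hard-code the backslash form `'O\'Doules'` as the expected output, although this file sits under Live and only testEscapeLikeStringDirect looks at `$this->db->DBDriver`. A driver that escapes a quote by doubling it would presumably return `'O''Doules'` and fail both tests, so the expectation should be selected per driver; the driver implementations are not in this patch, so confirm which form each one produces. The assertions compare strings only and never send the escaped value to the database, so they pin the shape of the output but not that the value survives a round trip. testEscapeLikeString covers `%` alone, while `_` and the `!` escape character itself are the other inputs that matter for `LIKE ... ESCAPE '!'`, and in the non-MySQLi branch `$this->markTestSkipped('MySQLi only');` would report the case as skipped rather than passed. The head of the class is missing from this listing, so the first method's signature and setup are not visible here.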