function DatabaseSelectTestCase::testVulnerableComment
7.x database_test.test | DatabaseSelectTestCase::testVulnerableComment() |
Test query COMMENT system against vulnerabilities.
File
- drupal-7.x/
modules/ simpletest/ tests/ database_test.test, line 1405
Class
- DatabaseSelectTestCase
- Test the SELECT builder.
Code
function testVulnerableComment() {
$query = db_select('test')->comment('Testing query comments */ SELECT nid FROM {node}; --');
$name_field = $query->addField('test', 'name');
$age_field = $query->addField('test', 'age', 'age');
$result = $query->execute();
$num_records = 0;
foreach ($result as $record) {
$num_records++;
}
$query = (string) $query;
$expected = "/* Testing query comments SELECT nid FROM {node}; -- */ SELECT test.name AS name, test.age AS age\nFROM \n{test} test";
$this->assertEqual($num_records, 4, 'Returned the correct number of rows.');
$this->assertEqual($query, $expected, 'The flattened query contains the sanitised comment string.');
}