mirror_php/php-debugbar
1
0
Fork 0
mirror of https://github.com/maximebf/php-debugbar.git synced 2025-01-17 21:38:14 +01:00
Code Issues Releases Wiki Activity
php-debugbar/tests/DebugBar/Tests/TracedStatementTest.php
Noah Heck 3f311533b5 Traced statement interpolation fixes (#381) 
* Prevent back reference issues in TracedStatement

* Prevent substring replacement

If a previously replaced value in the query string contains the placeholder
for a future replacement, the string inside was being replaced
Also, PHP allows the bindParameter syntax to omit the leading ':', so we
test to make sure it's there and add it if not
2018-04-16 21:36:29 +02:00

122 lines
3.9 KiB
PHP
Raw Blame History

<?php
namespace DebugBar\Tests;
use DebugBar\DataCollector\PDO\TracedStatement;
/**
* Class TracedStatementTest
* @package DebugBar\Tests
*/
class TracedStatementTest extends DebugBarTestCase
{
/**
* Check if query parameters are being replaced in the correct way
* @bugFix Before fix it : select *
* from geral.exame_part ep
* where ep.id_exame = <1> and
* ep.id_exame_situacao = <2>'
* ep.id_exame_situacao = <1>_situacao
* @return void
*/
public function testReplacementParamsQuery()
{
$sql = 'select *
from geral.exame_part ep
where ep.id_exame = :id_exame and
ep.id_exame_situacao = :id_exame_situacao';
$params = array(
':id_exame' => 1,
':id_exame_situacao' => 2
);
$traced = new TracedStatement($sql, $params);
$expected = 'select *
from geral.exame_part ep
where ep.id_exame = <1> and
ep.id_exame_situacao = <2>';
$result = $traced->getSqlWithParams();
$this->assertEquals($expected, $result);
}
public function testReplacementParamsContainingBackReferenceSyntaxGeneratesCorrectString()
{
$hashedPassword = '$2y$10$S3Y/kSsx8Z5BPtdd9.k3LOkbQ0egtsUHBT9EGQ.spxsmaEWbrxBW2';
$sql = "UPDATE user SET password = :password";
$params = array(
':password' => $hashedPassword,
);
$traced = new TracedStatement($sql, $params);
$result = $traced->getSqlWithParams();
$expected = "UPDATE user SET password = <$hashedPassword>";
$this->assertEquals($expected, $result);
}
public function testReplacementParamsContainingPotentialAdditionalQuestionMarkPlaceholderGeneratesCorrectString()
{
$hasQuestionMark = "Asking a question?";
$string = "Asking for a friend";
$sql = "INSERT INTO questions SET question = ?, detail = ?";
$params = array($hasQuestionMark, $string);
$traced = new TracedStatement($sql, $params);
$result = $traced->getSqlWithParams();
$expected = "INSERT INTO questions SET question = <$hasQuestionMark>, detail = <$string>";
$this->assertEquals($expected, $result);
$result = $traced->getSqlWithParams("'");
$expected = "INSERT INTO questions SET question = '$hasQuestionMark', detail = '$string'";
$this->assertEquals($expected, $result);
$result = $traced->getSqlWithParams('"');
$expected = "INSERT INTO questions SET question = \"$hasQuestionMark\", detail = \"$string\"";
$this->assertEquals($expected, $result);
}
public function testReplacementParamsContainingPotentialAdditionalNamedPlaceholderGeneratesCorrectString()
{
$hasQuestionMark = "Asking a question with a :string inside";
$string = "Asking for a friend";
$sql = "INSERT INTO questions SET question = :question, detail = :string";
$params = array(
':question' => $hasQuestionMark,
':string' => $string,
);
$traced = new TracedStatement($sql, $params);
$result = $traced->getSqlWithParams();
$expected = "INSERT INTO questions SET question = <$hasQuestionMark>, detail = <$string>";
$this->assertEquals($expected, $result);
$result = $traced->getSqlWithParams("'");
$expected = "INSERT INTO questions SET question = '$hasQuestionMark', detail = '$string'";
$this->assertEquals($expected, $result);
$result = $traced->getSqlWithParams('"');
$expected = "INSERT INTO questions SET question = \"$hasQuestionMark\", detail = \"$string\"";
$this->assertEquals($expected, $result);
}
}
Reference in New Issue View Git Blame Copy Permalink