Fix/test more sql injections

Dennis Eichhorn 2018-02-17 09:39:29 +01:00
parent f7ebd61f40
commit 4c04ce01c2
2 changed files with 44 additions and 2 deletions


@ -728,7 +728,7 @@ class Builder extends BuilderAbstract
* *
* @since 1.0.0 * @since 1.0.0
*/ */
public function offset($offset) : Builder public function offset(int $offset) : Builder
{ {
$this->offset = $offset; $this->offset = $offset;
@ -744,7 +744,7 @@ class Builder extends BuilderAbstract
* *
* @since 1.0.0 * @since 1.0.0
*/ */
public function limit($limit) : Builder public function limit(int $limit) : Builder
{ {
$this->limit = $limit; $this->limit = $limit;
@ -933,6 +933,18 @@ class Builder extends BuilderAbstract
return $this; return $this;
} }
/**
* Get insert values
*
* @return array
*
* @since 1.0.0
*/
public function getValues() : array
{
return $this->values;
}
/** /**
* Values to insert. * Values to insert.
* *
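Review bot: The `int` hints on offset() and limit() are the whole of the injection fix for those two clauses, yet the commit adds no test for them, and nothing in this hunk shows whether the file declares `strict_types`, so in coercive mode a numeric string like `'10'` is still accepted and only a string such as `'5; DROP TABLE a'` raises `TypeError` — either way the value reaching the SQL string is an integer, which is what makes it safe, but that property is unpinned. Add a BuilderTest case that calls `->limit(5)->offset(10)` and asserts the rendered `LIMIT`/`OFFSET` text, plus one with `$this->expectException(\TypeError::class);` before `$query->limit('5; DROP TABLE a');`. A negative value now passes the type check and would render an invalid `LIMIT -1`; if that is not intended, `if ($limit < 0) { throw new \InvalidArgumentException('limit must be >= 0'); }` at the top of limit() (and likewise offset()) would reject it early. The bodies of offset() and limit() continue past the hunk, so where the value is concatenated is not visible here.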


@ -62,6 +62,16 @@ class BuilderTest extends \PHPUnit\Framework\TestCase
->orderBy(['a.test', 'b.test', ], ['ASC', 'DESC', ]) ->orderBy(['a.test', 'b.test', ], ['ASC', 'DESC', ])
->toSql() ->toSql()
); );
$query = new Builder($this->con);
$sql = 'SELECT `a`.`test`, `b`.`test` FROM `a`, `b` WHERE `a`.`test` = :abcValue ORDER BY `a`.`test` ASC, `b`.`test` DESC;';
self::assertEquals($sql,
$query->select('a.test', 'b.test')
->from('a', 'b')
->where('a.test', '=', ':abcValue')
->orderBy(['a.test', 'b.test', ], ['ASC', 'DESC', ])
->toSql()
);
} }
public function testMysqlOrder() public function testMysqlOrder()
@ -114,6 +124,10 @@ class BuilderTest extends \PHPUnit\Framework\TestCase
$query = new Builder($this->con); $query = new Builder($this->con);
self::assertEquals($sql, $query->select('a.test')->from('a')->where('a.test', '=', 1)->groupBy('a', 'b')->toSql()); self::assertEquals($sql, $query->select('a.test')->from('a')->where('a.test', '=', 1)->groupBy('a', 'b')->toSql());
$query = new Builder($this->con);
$sql = 'SELECT `a`.`test` FROM `a` WHERE `a`.`test` = :test GROUP BY `a`, `b`;';
self::assertEquals($sql, $query->select('a.test')->from('a')->where('a.test', '=', ':test')->groupBy('a', 'b')->toSql());
} }
public function testMysqlWheres() public function testMysqlWheres()
@ -169,6 +183,10 @@ class BuilderTest extends \PHPUnit\Framework\TestCase
$query = new Builder($this->con); $query = new Builder($this->con);
$sql = 'SELECT `a`.`test` FROM `a` WHERE `a`.`test` = 1 OR `a`.`test2` IN (\'a\', \'b\', \'c\');'; $sql = 'SELECT `a`.`test` FROM `a` WHERE `a`.`test` = 1 OR `a`.`test2` IN (\'a\', \'b\', \'c\');';
self::assertEquals($sql, $query->select('a.test')->from('a')->where('a.test', '=', 1)->whereIn('a.test2', ['a', 'b', 'c'], 'or')->toSql()); self::assertEquals($sql, $query->select('a.test')->from('a')->where('a.test', '=', 1)->whereIn('a.test2', ['a', 'b', 'c'], 'or')->toSql());
$query = new Builder($this->con);
$sql = 'SELECT `a`.`test` FROM `a` WHERE `a`.`test` = :testWhere OR `a`.`test2` IN (\'a\', :bValue, \'c\');';
self::assertEquals($sql, $query->select('a.test')->from('a')->where('a.test', '=', ':testWhere')->whereIn('a.test2', ['a', ':bValue', 'c'], 'or')->toSql());
} }
public function testMysqlInsert() public function testMysqlInsert()
@ -180,6 +198,10 @@ class BuilderTest extends \PHPUnit\Framework\TestCase
$query = new Builder($this->con); $query = new Builder($this->con);
$sql = 'INSERT INTO `a` (`test`, `test2`) VALUES (1, \'test\');'; $sql = 'INSERT INTO `a` (`test`, `test2`) VALUES (1, \'test\');';
self::assertEquals($sql, $query->insert('test', 'test2')->into('a')->values(1, 'test')->toSql()); self::assertEquals($sql, $query->insert('test', 'test2')->into('a')->values(1, 'test')->toSql());
$query = new Builder($this->con);
$sql = 'INSERT INTO `a` (`test`, `test2`) VALUES (:test, :test2);';
self::assertEquals($sql, $query->insert('test', 'test2')->into('a')->values(':test', ':test2')->toSql());
} }
public function testMysqlDelete() public function testMysqlDelete()
@ -187,6 +209,10 @@ class BuilderTest extends \PHPUnit\Framework\TestCase
$query = new Builder($this->con); $query = new Builder($this->con);
$sql = 'DELETE FROM `a` WHERE `a`.`test` = 1;'; $sql = 'DELETE FROM `a` WHERE `a`.`test` = 1;';
self::assertEquals($sql, $query->delete()->from('a')->where('a.test', '=', 1)->toSql()); self::assertEquals($sql, $query->delete()->from('a')->where('a.test', '=', 1)->toSql());
$query = new Builder($this->con);
$sql = 'DELETE FROM `a` WHERE `a`.`test` = :testVal;';
self::assertEquals($sql, $query->delete()->from('a')->where('a.test', '=', ':testVal')->toSql());
} }
public function testMysqlUpdate() public function testMysqlUpdate()
@ -194,6 +220,10 @@ class BuilderTest extends \PHPUnit\Framework\TestCase
$query = new Builder($this->con); $query = new Builder($this->con);
$sql = 'UPDATE `a` SET `a`.`test` = 1, `a`.`test2` = 2 WHERE `a`.`test` = 1;'; $sql = 'UPDATE `a` SET `a`.`test` = 1, `a`.`test2` = 2 WHERE `a`.`test` = 1;';
self::assertEquals($sql, $query->update('a')->set(['a.test' => 1])->set(['a.test2' => 2])->where('a.test', '=', 1)->toSql()); self::assertEquals($sql, $query->update('a')->set(['a.test' => 1])->set(['a.test2' => 2])->where('a.test', '=', 1)->toSql());
$query = new Builder($this->con);
$sql = 'UPDATE `a` SET `a`.`test` = 1, `a`.`test2` = :test2 WHERE `a`.`test` = :test3;';
self::assertEquals($sql, $query->update('a')->set(['a.test' => 1])->set(['a.test2' => ':test2'])->where('a.test', '=', ':test3')->toSql());
} }
public function testRaw() public function testRaw()
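Review bot: The new assertions (the `:abcValue` case and `:bValue` inside `IN (...)`) pin that a string value beginning with a colon is emitted into the SQL unquoted as a named placeholder, but none of them pins the negative case, so if the builder decides by the leading colon alone — the page does not show the rule — an untrusted value such as `':x OR 1=1'` passed to where() would be spliced in raw. Add a case that asserts such a value is still quoted, e.g. `->where('a.test', '=', ':x OR 1=1')` expecting the rendered WHERE to contain the single-quoted literal `':x OR 1=1'` rather than the bare text, and a second one for a placeholder-looking value inside whereIn(). Document the convention on where()/values() with a docblock line such as `A string matching /^:[A-Za-z0-9_]+$/ is treated as a named parameter and emitted unquoted; any other string is quoted.`, adjusted to whatever rule the builder actually applies. The tests here only cover MySQL rendering; the placeholder rule should hold for every grammar the builder supports.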