authorshadlaws <shad@shadlaws.com>2013-01-25 08:47:29 +0100
committershadlaws <shad@shadlaws.com>2013-01-25 08:47:29 +0100
commit48bd19808c38a8de20cfece1adc1ffe226da3783 (patch)
treed8cdea6ffe7e3862ee38f90082a43e30a7ced0bb /modules/gallery/tests
parent4c1dc8457e82bd8960e10416981b5dadfc3aebe4 (diff)
#1956 - Escape LIKE queries (for _ and %).
In MySQL queries, _ and % characters are treated as wildcards (similar to ? and *, respectively). - Added escape_for_like function to MY_Database.php - Added unit test to Database_Test - Corrected the five unescaped instances in the code using this function.
Diffstat (limited to 'modules/gallery/tests')
-rw-r--r--modules/gallery/tests/Database_Test.php6
1 files changed, 6 insertions, 0 deletions
diff --git a/modules/gallery/tests/Database_Test.php b/modules/gallery/tests/Database_Test.php
index ab3290a9..106062f5 100644
--- a/modules/gallery/tests/Database_Test.php
+++ b/modules/gallery/tests/Database_Test.php
@@ -147,6 +147,12 @@ class Database_Test extends Gallery_Unit_Test_Case {
$sql = str_replace("\n", " ", $sql);
$this->assert_same("UPDATE [test_tables] SET [name] = [Test Name] WHERE [1] = [1]", $sql);
}
+
+ function escape_for_like_test() {
+ // Note: literal double backslash is written as \\\
+ $this->assert_same('basic\_test', Database::escape_for_like("basic_test"));
+ $this->assert_same('\\\100\%\_test/', Database::escape_for_like('\100%_test/'));
+ }
}
class Database_Mock extends Database {
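Review bot: Neither assertion in `escape_for_like_test()` places a backslash directly before a wildcard, which is the input where an undoubled backslash would leave an escaped backslash followed by a still-active `%`. Adding `$this->assert_same('\\\\\\%', Database::escape_for_like('\\%'));` (input `\%`, expected `\\\%`) would pin that case explicitly. The comment on the first added line is also easy to misread: `'\\\100'` yields two backslashes only because `\1` is not an escape sequence in a single-quoted string, so writing the expected value as `'\\\\100\%\_test/'` gives the same string unambiguously. The test checks only the function's return value; whether the five call sites named in the commit message still pass the result through the normal value quoting is not visible in this hunk and is worth confirming, since LIKE escaping does not replace string-literal escaping.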