From 48bd19808c38a8de20cfece1adc1ffe226da3783 Mon Sep 17 00:00:00 2001
From: shadlaws
Date: Fri, 25 Jan 2013 08:47:29 +0100
Subject: #1956 - Escape LIKE queries (for _ and %).

In MySQL queries, _ and % characters are treated as wildcards (similar to ? and *, respectively).
- Added escape_for_like function to MY_Database.php
- Added unit test to Database_Test
- Corrected the five unescaped instances in the code using this function.
---
 modules/gallery/tests/Database_Test.php | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'modules/gallery/tests/Database_Test.php')

diff --git a/modules/gallery/tests/Database_Test.php b/modules/gallery/tests/Database_Test.php
index ab3290a9..106062f5 100644
--- a/modules/gallery/tests/Database_Test.php
+++ b/modules/gallery/tests/Database_Test.php
@@ -147,6 +147,12 @@ class Database_Test extends Gallery_Unit_Test_Case {
     $sql = str_replace("\n", " ", $sql);
     $this->assert_same("UPDATE [test_tables] SET [name] = [Test Name] WHERE [1] = [1]", $sql);
   }
+
+  function escape_for_like_test() {
+    // Note: literal double backslash is written as \\\
+    $this->assert_same('basic\_test', Database::escape_for_like("basic_test"));
+    $this->assert_same('\\\100\%\_test/', Database::escape_for_like('\100%_test/'));
+  }
 }
 
 class Database_Mock extends Database {
-- 
cgit v1.2.3
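Review bot: The new escape_for_like_test pins the three substitutions (`\` → `\\`, `%` → `\%`, `_` → `\_`) only through two inputs, so the boundary cases that matter for a wildcard-escaping helper are left unchecked: the empty string, a bare escape character, and an input that already looks escaped. I would add `$this->assert_same('', Database::escape_for_like(''));`, `$this->assert_same('\\\\', Database::escape_for_like('\\'));` and `$this->assert_same('\\\\\%', Database::escape_for_like('\%'));` next to the existing assertions. The expected values assume backslash is the LIKE escape character, which is MySQL's default only when the query carries no ESCAPE clause; a one-line comment stating that assumption would explain why the strings look the way they do. The "literal double backslash is written as \\\" note is also easy to misread, since `'\\\100'` is backslash-backslash-100 only because `\1` is not a single-quote escape; `// in single quotes '\\' is one backslash, so '\\\100' is \\100` would be clearer.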