syntax-error-in-query-method.php
<?php
namespace SyntaxErrorInQueryMethodRuleTest;
use PDO;
/**
 * Collection of query call sites with hard-coded SQL, some well-formed and some deliberately broken.
 *
 * Judging by the namespace and the inline comment in noErrorOnQueriesContainingPlaceholders(),
 * this looks like an input fixture for a static-analysis rule that validates SQL passed to
 * query()/prepare() — TODO confirm against the rule's test case. No method returns a value
 * or reads the result; each one exists only for the call it contains.
 *
 * The table `ada` and its columns (email, adaid, gesperrt, freigabe1u1) are not defined in
 * this file; presumably they come from the schema the rule test runs against.
 *
 * NOTE(review): rule tests for fixtures like this usually assert on line numbers, so added
 * comment lines may shift expected positions — verify before applying.
 */
class Foo
{
    /**
     * PDO::query() with a malformed literal: the select list has no commas and WHERE precedes FROM.
     */
    public function syntaxErrorPdoQuery(PDO $pdo)
    {
        $pdo->query('SELECT email adaid WHERE gesperrt freigabe1u1 FROM ada', PDO::FETCH_ASSOC);
    }

    /**
     * Same malformed literal as syntaxErrorPdoQuery(), sent through mysqli::query().
     */
    public function syntaxErrorMysqli(\mysqli $mysqli)
    {
        // NOTE(review): a PDO fetch-mode constant is passed where mysqli::query() takes its
        // result mode; presumably irrelevant to what this case exercises — confirm.
        $mysqli->query('SELECT email adaid WHERE gesperrt freigabe1u1 FROM ada', PDO::FETCH_ASSOC);
    }

    /**
     * Syntactically well-formed SELECT whose first column is named doesNotExist
     * (presumably absent from `ada`).
     */
    public function unknownColumn(PDO $pdo)
    {
        $pdo->query('SELECT doesNotExist, adaid, gesperrt, freigabe1u1 FROM ada', PDO::FETCH_ASSOC);
    }

    /**
     * Column named doesNotExist referenced in the WHERE clause.
     */
    public function unknownWhereColumn(PDO $pdo)
    {
        $pdo->query('SELECT * FROM ada WHERE doesNotExist=1', PDO::FETCH_ASSOC);
    }

    /**
     * Column named doesNotExist referenced in ORDER BY.
     */
    public function unknownOrderColumn(PDO $pdo)
    {
        $pdo->query('SELECT * FROM ada ORDER BY doesNotExist', PDO::FETCH_ASSOC);
    }

    /**
     * Column named doesNotExist referenced in GROUP BY.
     */
    public function unknownGroupByColumn(PDO $pdo)
    {
        $pdo->query('SELECT * FROM ada GROUP BY doesNotExist', PDO::FETCH_ASSOC);
    }

    /**
     * SELECT from a table named unknown_table (presumably not part of the test schema).
     */
    public function unknownTable(PDO $pdo)
    {
        $pdo->query('SELECT * FROM unknown_table', PDO::FETCH_ASSOC);
    }

    /**
     * Query whose table name is only known at runtime: $tableName is concatenated into the SQL text.
     */
    public function incompleteQuery(PDO $pdo, string $tableName)
    {
        // The full statement cannot be read from the source alone because of $tableName.
        // Outside a fixture, an identifier spliced in like this cannot be bound as a placeholder,
        // so the value would have to be checked against a fixed list of known table names first.
        $pdo->query('SELECT email, adaid, gesperrt, freigabe1u1 FROM '.$tableName.' LIMIT 1', PDO::FETCH_ASSOC);
    }

    /**
     * Two possible query strings, both malformed: the fixed part places GROUP BY before FROM.
     */
    public function syntaxErrorInQueryUnion(PDO $pdo)
    {
        $add = '';
        // rand() appears to serve only to make the branch undecidable when reading the code;
        // it is not used as a source of randomness for anything else here.
        if (rand(0, 1)) {
            $add .= " WHERE email='my_other_table'";
        }
        $pdo->query('SELECT email, adaid GROUP BY xy FROM ada '.$add.' LIMIT 1', PDO::FETCH_ASSOC);
    }

    /**
     * Two possible query strings (with and without the WHERE clause), both syntactically well-formed.
     */
    public function queryUnion(PDO $pdo)
    {
        $add = '';
        // Branch on rand() so that $add is either empty or the WHERE clause.
        if (rand(0, 1)) {
            $add .= " WHERE email='my_other_table'";
        }
        $pdo->query('SELECT email, adaid, gesperrt, freigabe1u1 FROM ada '.$add.' LIMIT 1', PDO::FETCH_ASSOC);
    }

    /**
     * Plain, syntactically well-formed SELECT via PDO::query().
     */
    public function validQuery(PDO $pdo)
    {
        $pdo->query('SELECT email, adaid, gesperrt, freigabe1u1 FROM ada', PDO::FETCH_ASSOC);
    }

    /**
     * The malformed literal from syntaxErrorPdoQuery(), passed to PDO::prepare() without placeholders.
     */
    public function syntaxErrorPdoPrepare(PDO $pdo)
    {
        $pdo->prepare('SELECT email adaid WHERE gesperrt freigabe1u1 FROM ada');
    }

    /**
     * The same malformed SQL held in a local variable and passed to a Doctrine DBAL connection.
     */
    public function syntaxErrorDoctrineDbal(\Doctrine\DBAL\Connection $conn)
    {
        $sql = 'SELECT email adaid WHERE gesperrt freigabe1u1 FROM ada';
        $conn->query($sql);
    }

    /**
     * Query text containing a positional placeholder (`?`) passed to query().
     */
    public function noErrorOnQueriesContainingPlaceholders(\Doctrine\DBAL\Connection $conn)
    {
        // errors in this scenario are reported by SyntaxErrorInPreparedStatementMethodRule only
        $conn->query('SELECT email, adaid, gesperrt, freigabe1u1 FROM ada WHERE adaid=?');
    }

    /**
     * Query assembled in a variable; each branch appends a different WHERE clause.
     */
    public function conditionalSyntaxError(PDO $pdo)
    {
        $query = 'SELECT email, adaid, gesperrt, freigabe1u1 FROM ada';
        if (rand(0, 1)) {
            // valid condition
            $query .= ' WHERE gesperrt=1';
        } else {
            // unknown column
            $query .= ' WHERE asdsa=1';
        }
        $pdo->query($query);
    }

    /**
     * Syntactically well-formed SELECT with one positional placeholder, passed to PDO::prepare().
     */
    public function validPrepare(PDO $pdo)
    {
        $pdo->prepare('SELECT email, adaid, gesperrt, freigabe1u1 FROM ada WHERE adaid=?');
    }

    /**
     * Two possible query strings: one with a WHERE clause, one with `GROUP BY xy`.
     */
    public function conditionalSyntaxErrorInQueryUnion(PDO $pdo)
    {
        $add = "WHERE email='my_other_table'";
        // presumably `xy` is not a column of `ada`, making only this variant invalid — TODO confirm
        if (rand(0, 1)) {
            $add = 'GROUP BY xy';
        }
        $pdo->query('SELECT email, adaid FROM ada '.$add.' LIMIT 1', PDO::FETCH_ASSOC);
    }

    /**
     * Query text built by concatenating a constant that is not defined anywhere in this file.
     */
    public function unknownConstant(PDO $pdo)
    {
        $pdo->query('SELECT * FROM ada WHERE doesNotExist='.CONSTANT_DOES_NOT_EXIST, PDO::FETCH_ASSOC);
    }
}