function addQuotes( $s ) {
if ( $s instanceof Blob ) {
return "x'" . bin2hex( $s->fetch() ) . "'";
+ } else if ( strpos( $s, "\0" ) !== false ) {
+ // SQLite doesn't support \0 in strings, so use the hex representation as a workaround.
+ // This is a known limitation of SQLite's mprintf function which PDO should work around,
+ // but doesn't. I have reported this to php.net as bug #63419:
+ // https://bugs.php.net/bug.php?id=63419
+ // There was already a similar report for SQLite3::escapeString, bug #62361:
+ // https://bugs.php.net/bug.php?id=62361
+ return "x'" . bin2hex( $s ) . "'";
} else {
return $this->mConn->quote( $s );
}
$this->assertEquals( count( $expected ), $i, 'Unexpected number of rows' );
}
+ public static function provideAddQuotes() {
+ return array(
+ array( // #0: empty
+ '', "''"
+ ),
+ array( // #1: simple
+ 'foo bar', "'foo bar'"
+ ),
+ array( // #2: including quote
+ 'foo\'bar', "'foo''bar'"
+ ),
+ array( // #3: including \0 (must be represented as hex, per https://bugs.php.net/bug.php?id=63419)
+ "x\0y",
+ "x'780079'",
+ ),
+ array( // #4: blob object (must be represented as hex)
+ new Blob( "hello" ),
+ "x'68656c6c6f'",
+ ),
+ );
+ }
+
+ /**
+ * @dataProvider provideAddQuotes()
+ */
+ public function testAddQuotes( $value, $expected ) {
+ // check quoting
+ $db = new DatabaseSqliteStandalone( ':memory:' );
+ $this->assertEquals( $expected, $db->addQuotes( $value ), 'string not quoted as expected' );
+
+ // ok, quoting works as expected, now try a round trip.
+ $re = $db->query( 'select ' . $db->addQuotes( $value ) );
+
+ $this->assertTrue( $re !== false, 'query failed' );
+
+ if ( $row = $re->fetchRow() ) {
+ if ( $value instanceof Blob ) {
+ $value = $value->fetch();
+ }
+
+ $this->assertEquals( $value, $row[0], 'string mangled by the database' );
+ } else {
+ $this->fail( 'query returned no result' );
+ }
+ }
+
public function testReplaceVars() {
$this->assertEquals( 'foo', $this->replaceVars( 'foo' ), "Don't break anything accidentally" );