com php-src: Fixed bug #62978. pg_select()/etc may al low SQL injection when table name is user param eter, users are able to control table names. :
ext/pgsql/pgsql.c ext/pgsql/tests/10pg_convert .phpt ext/pgsql/tests/10pg_convert_9.phpt ext /pgsql/tests/12pg_insert.phpt ext/pgsql/tests/12p
g_insert_9.phpt ext/pgsql/tests/13pg_select.p hpt ext/pgsql/tests/13pg_select_9.phpt ext/pgsq l/tests/14pg_update.phpt ext/pgsql/tests/14pg_u
pdate_9.phpt ext/pgsql/te

From: Date: Mon, 05 Aug 2013 09:23:15 +0000
Subject: com php-src: Fixed bug #62978. pg_select()/etc may al low SQL injection when table name is user param eter, users are able to control table names. :
ext/pgsql/pgsql.c ext/pgsql/tests/10pg_convert .phpt ext/pgsql/tests/10pg_convert_9.phpt ext /pgsql/tests/12pg_insert.phpt ext/pgsql/tests/12p
g_insert_9.phpt ext/pgsql/tests/13pg_select.p hpt ext/pgsql/tests/13pg_select_9.phpt ext/pgsq l/tests/14pg_update.phpt ext/pgsql/tests/14pg_u
pdate_9.phpt ext/pgsql/te
Groups: php.cvs 
Request: Send a blank email to [email protected] to get a copy of this message
Commit:    f718684a6c1d6221015031d1e72d3eb55ecbb659
Author:    Yasuo Ohgaki <[email protected]>         Mon, 5 Aug 2013 18:23:15 +0900
Parents:   a93a462dcefd62e07963dd2da506fbb3409c88b5
Branches:  PHP-5.4

Link:       http://git.php.net/?p=php-src.git;a=commitdiff;h=f718684a6c1d6221015031d1e72d3eb55ecbb659

Log:
Fixed bug #62978. pg_select()/etc may allow SQL injection when table name is user parameter, users
are able to control table names.

Bugs:
https://bugs.php.net/62978

Changed paths:
  M  ext/pgsql/pgsql.c
  M  ext/pgsql/tests/10pg_convert.phpt
  M  ext/pgsql/tests/10pg_convert_9.phpt
  M  ext/pgsql/tests/12pg_insert.phpt
  M  ext/pgsql/tests/12pg_insert_9.phpt
  M  ext/pgsql/tests/13pg_select.phpt
  M  ext/pgsql/tests/13pg_select_9.phpt
  M  ext/pgsql/tests/14pg_update.phpt
  M  ext/pgsql/tests/14pg_update_9.phpt
  M  ext/pgsql/tests/bug47199.phpt
  M  ext/pgsql/tests/bug64609.phpt
  M  ext/pgsql/tests/config.inc
  M  ext/pgsql/tests/pg_delete_001.phpt
  M  ext/pgsql/tests/pg_insert_001.phpt
  M  ext/pgsql/tests/pg_update_001.phpt



diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c index 796d883..ded4a62 100644 --- a/ext/pgsql/pgsql.c +++ b/ext/pgsql/pgsql.c @@ -914,6 +914,60 @@ static void _free_result(zend_rsrc_list_entry *rsrc TSRMLS_DC) } /* }}} */ + +static int _php_pgsql_detect_identifier_escape(const char *identifier, size_t len) +{ + size_t i; + + /* Handle edge case. Cannot be a escaped string */ + if (len <= 2) { + return FAILURE; + } + /* Detect double qoutes */ + if (identifier[0] == '"' && identifier[len-1] == '"') { + /* Detect wrong format of " inside of escaped string */ + for (i = 1; i < len-1; i++) { + if (identifier[i] == '"' && (identifier[++i] != '"' || i == len-1)) { + return FAILURE; + } + } + } else { + return FAILURE; + } + /* Escaped properly */ + return SUCCESS; +} + +#if !HAVE_PQESCAPELITERAL +/* {{{ _php_pgsql_escape_identifier + * Since PQescapeIdentifier() is unavailable (PostgreSQL 9.0 <), idenfifers + * should be escaped by pgsql module. + * Note: this function does not care for encoding. Therefore users should not + * use this with SJIS/BIG5 etc. (i.e. Encoding base injection may possible with + * before PostgreSQL 9.0) + */ +static char *_php_pgsql_escape_identifier(const char *field, size_t field_len) +{ + ulong field_escaped_len = field_len*2 + 3; + ulong i, j = 0; + char *field_escaped; + + field_escaped = (char *)malloc(field_escaped_len); + field_escaped[j++] = '"'; + for (i = 0; i < field_len; i++) { + if (field[i] == '"') { + field_escaped[j++] = '"'; + field_escaped[j++] = '"'; + } else { + field_escaped[j++] = field[i]; + } + } + field_escaped[j++] = '"'; + field_escaped[j] = '\0'; + return field_escaped; +} +#endif + /* {{{ PHP_INI */ PHP_INI_BEGIN() @@ -5015,8 +5069,9 @@ PHP_PGSQL_API int php_pgsql_meta_data(PGconn *pg_link, const char *table_name, z { PGresult *pg_result; char *src, *tmp_name, *tmp_name2 = NULL; + char *escaped; smart_str querystr = {0}; - int new_len; + size_t new_len; int i, num_rows; zval *elem; @@ -5038,20 +5093,29 @@ PHP_PGSQL_API int php_pgsql_meta_data(PGconn *pg_link, const char *table_name, z "SELECT a.attname, a.attnum, t.typname, a.attlen, a.attnotnull, a.atthasdef, a.attndims, t.typtype = 'e' " "FROM pg_class as c, pg_attribute a, pg_type t, pg_namespace n " "WHERE a.attnum > 0 AND a.attrelid = c.oid AND c.relname = '"); - tmp_name2 = php_addslashes(tmp_name2, strlen(tmp_name2), &new_len, 0 TSRMLS_CC); - smart_str_appendl(&querystr, tmp_name2, new_len); - + escaped = (char *)safe_emalloc(strlen(tmp_name2), 2, 1); +#if HAVE_PQESCAPE_CONN + new_len = PQescapeStringConn(pg_link, escaped, tmp_name2, strlen(tmp_name2), NULL); +#else + new_len = PQescapeString(escaped, tmp_name2, strlen(tmp_name2)); +#endif + smart_str_appends(&querystr, escaped); + efree(escaped); + smart_str_appends(&querystr, "' AND c.relnamespace = n.oid AND n.nspname = '"); - tmp_name = php_addslashes(tmp_name, strlen(tmp_name), &new_len, 0 TSRMLS_CC); - smart_str_appendl(&querystr, tmp_name, new_len); + escaped = (char *)safe_emalloc(strlen(tmp_name), 2, 1); +#if HAVE_PQESCAPE_CONN + new_len = PQescapeStringConn(pg_link, escaped, tmp_name, strlen(tmp_name), NULL); +#else + new_len = PQescapeString(escaped, tmp_name, strlen(tmp_name)); +#endif + smart_str_appends(&querystr, escaped); + efree(escaped); smart_str_appends(&querystr, "' AND a.atttypid = t.oid ORDER BY a.attnum;"); smart_str_0(&querystr); - - efree(tmp_name2); - efree(tmp_name); - efree(src); - + efree(src); + pg_result = PQexec(pg_link, querystr.c); if (PQresultStatus(pg_result) != PGRES_TUPLES_OK || (num_rows = PQntuples(pg_result)) == 0) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "Table '%s' doesn't exists", table_name); @@ -5274,6 +5338,7 @@ static int php_pgsql_add_quotes(zval *src, zend_bool should_free TSRMLS_DC) assert(Z_TYPE_P(src) == IS_STRING); assert(should_free == 1 || should_free == 0); + smart_str_appendc(&str, 'E'); smart_str_appendc(&str, '\''); smart_str_appendl(&str, Z_STRVAL_P(src), Z_STRLEN_P(src)); smart_str_appendc(&str, '\''); @@ -5314,7 +5379,7 @@ PHP_PGSQL_API int php_pgsql_convert(PGconn *pg_link, const char *table_name, con uint field_len = -1; ulong num_idx = -1; zval *meta, **def, **type, **not_null, **has_default, **is_enum, **val, *new_val; - int new_len, key_type, err = 0, skip_field; + int key_type, err = 0, skip_field; php_pgsql_data_type data_type; assert(pg_link != NULL); @@ -5327,6 +5392,8 @@ PHP_PGSQL_API int php_pgsql_convert(PGconn *pg_link, const char *table_name, con } MAKE_STD_ZVAL(meta); array_init(meta); + +/* table_name is escaped by php_pgsql_meta_data */ if (php_pgsql_meta_data(pg_link, table_name, meta TSRMLS_CC) == FAILURE) { zval_dtor(meta); FREE_ZVAL(meta); @@ -5539,15 +5606,15 @@ PHP_PGSQL_API int php_pgsql_convert(PGconn *pg_link, const char *table_name, con } else { Z_TYPE_P(new_val) = IS_STRING; -#if HAVE_PQESCAPE +#if HAVE_PQESCAPE_CONN { char *tmp; - tmp = (char *)safe_emalloc(Z_STRLEN_PP(val), 2, 1); - Z_STRLEN_P(new_val) = (int)PQescapeString(tmp, Z_STRVAL_PP(val), Z_STRLEN_PP(val)); + tmp = (char *)safe_emalloc(Z_STRLEN_PP(val), 2, 1); + Z_STRLEN_P(new_val) = (int)PQescapeStringConn(pg_link, tmp, Z_STRVAL_PP(val), Z_STRLEN_PP(val), NULL); Z_STRVAL_P(new_val) = tmp; } #else - Z_STRVAL_P(new_val) = php_addslashes(Z_STRVAL_PP(val), Z_STRLEN_PP(val), &Z_STRLEN_P(new_val), 0 TSRMLS_CC); + Z_STRVAL_P(new_val) = (int)PQescapeString(Z_STRVAL_PP(val), Z_STRLEN_PP(val), &Z_STRLEN_P(new_val), 0 TSRMLS_CC); #endif php_pgsql_add_quotes(new_val, 1 TSRMLS_CC); } @@ -5833,6 +5900,7 @@ PHP_PGSQL_API int php_pgsql_convert(PGconn *pg_link, const char *table_name, con else { unsigned char *tmp; size_t to_len; + smart_str s = {0}; #ifdef HAVE_PQESCAPE_BYTEA_CONN tmp = PQescapeByteaConn(pg_link, Z_STRVAL_PP(val), Z_STRLEN_PP(val), &to_len); #else @@ -5844,7 +5912,11 @@ PHP_PGSQL_API int php_pgsql_convert(PGconn *pg_link, const char *table_name, con memcpy(Z_STRVAL_P(new_val), tmp, to_len); PQfreemem(tmp); php_pgsql_add_quotes(new_val, 1 TSRMLS_CC); - + smart_str_appendl(&s, Z_STRVAL_P(new_val), Z_STRLEN_P(new_val)); + smart_str_0(&s); + efree(Z_STRVAL_P(new_val)); + Z_STRVAL_P(new_val) = s.c; + Z_STRLEN_P(new_val) = s.len; } break; @@ -5929,11 +6001,22 @@ PHP_PGSQL_API int php_pgsql_convert(PGconn *pg_link, const char *table_name, con FREE_ZVAL(new_val); break; /* break out for() */ } + /* If field is NULL and HAS DEFAULT, should be skipped */ if (!skip_field) { - /* If field is NULL and HAS DEFAULT, should be skipped */ - field = php_addslashes(field, strlen(field), &new_len, 0 TSRMLS_CC); - add_assoc_zval(result, field, new_val); - efree(field); + char *escaped; + size_t new_len, field_len = strlen(field); + + if (_php_pgsql_detect_identifier_escape(field, field_len) == SUCCESS) { + escaped = strndup(field, field_len); + } else { +#if HAVE_PQESCAPELITERAL + escaped = PQescapeIdentifier(pg_link, field, field_len); +#else + escaped = _php_pgsql_escape_identifier(field, field_len); +#endif + } + add_assoc_zval(result, escaped, new_val); + free(escaped); } } /* for */ zval_dtor(meta); @@ -6008,6 +6091,45 @@ static int do_exec(smart_str *querystr, int expect, PGconn *pg_link, ulong opt T return -1; } +static inline void build_tablename(smart_str *querystr, PGconn *pg_link, const char *table) +{ + char *table_copy, *escaped, *token, *tmp; + size_t len; + + /* schame.table should be "schame"."table" */ + table_copy = estrdup(table); + token = php_strtok_r(table_copy, ".", &tmp); + len = strlen(token); + if (_php_pgsql_detect_identifier_escape(token, len) == SUCCESS) { + escaped = strndup(token, len); + } else { +#if HAVE_PQESCAPELITERAL + escaped = PQescapeIdentifier(pg_link, token, len); +#else + escaped = _php_pgsql_escape_identifier(token, len); +#endif + } + smart_str_appends(querystr, escaped); + free(escaped); + if (tmp && *tmp) { + len = strlen(tmp); + /* "schema"."table" format */ + if (_php_pgsql_detect_identifier_escape(tmp, len) == SUCCESS) { + escaped = strndup(tmp, len); + } else { +#if HAVE_PQESCAPELITERAL + escaped = PQescapeIdentifier(pg_link, tmp, len); +#else + escaped = _php_pgsql_escape_identifier(tmp, len); +#endif + } + smart_str_appendc(querystr, '.'); + smart_str_appends(querystr, escaped); + free(escaped); + } + efree(table_copy); +} + /* {{{ php_pgsql_insert */ PHP_PGSQL_API int php_pgsql_insert(PGconn *pg_link, const char *table, zval *var_array, ulong opt, char **sql TSRMLS_DC) @@ -6027,7 +6149,7 @@ PHP_PGSQL_API int php_pgsql_insert(PGconn *pg_link, const char *table, zval *var if (zend_hash_num_elements(Z_ARRVAL_P(var_array)) == 0) { smart_str_appends(&querystr, "INSERT INTO "); - smart_str_appends(&querystr, table); + build_tablename(&querystr, pg_link, table); smart_str_appends(&querystr, " DEFAULT VALUES"); goto no_values; @@ -6042,11 +6164,11 @@ PHP_PGSQL_API int php_pgsql_insert(PGconn *pg_link, const char *table, zval *var } var_array = converted; } - + smart_str_appends(&querystr, "INSERT INTO "); - smart_str_appends(&querystr, table); + build_tablename(&querystr, pg_link, table); smart_str_appends(&querystr, " ("); - + zend_hash_internal_pointer_reset_ex(Z_ARRVAL_P(var_array), &pos); while ((key_type = zend_hash_get_current_key_ex(Z_ARRVAL_P(var_array), &fld, &fld_len, &num_idx, 0, &pos)) != HASH_KEY_NON_EXISTANT) { @@ -6233,7 +6355,7 @@ PHP_PGSQL_API int php_pgsql_update(PGconn *pg_link, const char *table, zval *var } smart_str_appends(&querystr, "UPDATE "); - smart_str_appends(&querystr, table); + build_tablename(&querystr, pg_link, table); smart_str_appends(&querystr, " SET "); if (build_assignment_string(&querystr, Z_ARRVAL_P(var_array), 0, ",", 1 TSRMLS_CC)) @@ -6334,7 +6456,7 @@ PHP_PGSQL_API int php_pgsql_delete(PGconn *pg_link, const char *table, zval *ids } smart_str_appends(&querystr, "DELETE FROM "); - smart_str_appends(&querystr, table); + build_tablename(&querystr, pg_link, table); smart_str_appends(&querystr, " WHERE "); if (build_assignment_string(&querystr, Z_ARRVAL_P(ids_array), 1, " AND ", sizeof(" AND ")-1 TSRMLS_CC)) @@ -6470,7 +6592,7 @@ PHP_PGSQL_API int php_pgsql_select(PGconn *pg_link, const char *table, zval *ids } smart_str_appends(&querystr, "SELECT * FROM "); - smart_str_appends(&querystr, table); + build_tablename(&querystr, pg_link, table); smart_str_appends(&querystr, " WHERE "); if (build_assignment_string(&querystr, Z_ARRVAL_P(ids_array), 1, " AND ", sizeof(" AND ")-1 TSRMLS_CC)) diff --git a/ext/pgsql/tests/10pg_convert.phpt b/ext/pgsql/tests/10pg_convert.phpt index fde4c67..adc2756 100644 --- a/ext/pgsql/tests/10pg_convert.phpt +++ b/ext/pgsql/tests/10pg_convert.phpt @@ -20,10 +20,10 @@ var_dump($converted); ?> --EXPECT-- array(3) { - ["num"]=> + [""num""]=> string(4) "1234" - ["str"]=> - string(5) "'AAA'" - ["bin"]=> - string(5) "'BBB'" -} + [""str""]=> + string(6) "E'AAA'" + [""bin""]=> + string(6) "E'BBB'" +} \ No newline at end of file diff --git a/ext/pgsql/tests/10pg_convert_9.phpt b/ext/pgsql/tests/10pg_convert_9.phpt index bb2e7e6..827c962 100644 --- a/ext/pgsql/tests/10pg_convert_9.phpt +++ b/ext/pgsql/tests/10pg_convert_9.phpt @@ -21,10 +21,10 @@ var_dump($converted); ?> --EXPECT-- array(3) { - ["num"]=> + [""num""]=> string(4) "1234" - ["str"]=> - string(5) "'AAA'" - ["bin"]=> - string(11) "'\\x424242'" -} + [""str""]=> + string(6) "E'AAA'" + [""bin""]=> + string(12) "E'\\x424242'" +} \ No newline at end of file diff --git a/ext/pgsql/tests/12pg_insert.phpt b/ext/pgsql/tests/12pg_insert.phpt index 6630494..9fd0dd1 100644 --- a/ext/pgsql/tests/12pg_insert.phpt +++ b/ext/pgsql/tests/12pg_insert.phpt @@ -20,5 +20,5 @@ echo pg_insert($db, $table_name, $fields, PGSQL_DML_STRING)."\n"; echo "Ok\n"; ?> --EXPECT-- -INSERT INTO php_pgsql_test (num,str,bin) VALUES (1234,'AAA','BBB'); -Ok +INSERT INTO "php_pgsql_test" ("num","str","bin") VALUES (1234,E'AAA',E'BBB'); +Ok \ No newline at end of file diff --git a/ext/pgsql/tests/12pg_insert_9.phpt b/ext/pgsql/tests/12pg_insert_9.phpt index 8afae0d..329364a 100644 --- a/ext/pgsql/tests/12pg_insert_9.phpt +++ b/ext/pgsql/tests/12pg_insert_9.phpt @@ -22,5 +22,5 @@ echo pg_insert($db, $table_name, $fields, PGSQL_DML_STRING)."\n"; echo "Ok\n"; ?> --EXPECT-- -INSERT INTO php_pgsql_test (num,str,bin) VALUES (1234,'AAA','\\x424242'); -Ok +INSERT INTO "php_pgsql_test" ("num","str","bin") VALUES (1234,E'AAA',E'\\x424242'); +Ok \ No newline at end of file diff --git a/ext/pgsql/tests/13pg_select.phpt b/ext/pgsql/tests/13pg_select.phpt index f1504a8..db2ca06 100644 --- a/ext/pgsql/tests/13pg_select.phpt +++ b/ext/pgsql/tests/13pg_select.phpt @@ -33,5 +33,5 @@ array(1) { string(3) "BBB" } } -SELECT * FROM php_pgsql_test WHERE num=1234; +SELECT * FROM "php_pgsql_test" WHERE "num"=1234; Ok diff --git a/ext/pgsql/tests/13pg_select_9.phpt b/ext/pgsql/tests/13pg_select_9.phpt index 422c461..67adc9d 100644 --- a/ext/pgsql/tests/13pg_select_9.phpt +++ b/ext/pgsql/tests/13pg_select_9.phpt @@ -35,5 +35,5 @@ array(1) { string(8) "\x424242" } } -SELECT * FROM php_pgsql_test WHERE num=1234; -Ok +SELECT * FROM "php_pgsql_test" WHERE "num"=1234; +Ok \ No newline at end of file diff --git a/ext/pgsql/tests/14pg_update.phpt b/ext/pgsql/tests/14pg_update.phpt index 3260f2b..347cac9 100644 --- a/ext/pgsql/tests/14pg_update.phpt +++ b/ext/pgsql/tests/14pg_update.phpt @@ -21,5 +21,5 @@ echo pg_update($db, $table_name, $fields, $ids, PGSQL_DML_STRING)."\n"; echo "Ok\n"; ?> --EXPECT-- -UPDATE php_pgsql_test SET num=1234,str='ABC',bin='XYZ' WHERE num=1234; -Ok +UPDATE "php_pgsql_test" SET "num"=1234,"str"=E'ABC',"bin"=E'XYZ' WHERE "num"=1234; +Ok \ No newline at end of file diff --git a/ext/pgsql/tests/14pg_update_9.phpt b/ext/pgsql/tests/14pg_update_9.phpt index bc5cf67..e766c1f 100644 --- a/ext/pgsql/tests/14pg_update_9.phpt +++ b/ext/pgsql/tests/14pg_update_9.phpt @@ -23,5 +23,5 @@ echo pg_update($db, $table_name, $fields, $ids, PGSQL_DML_STRING)."\n"; echo "Ok\n"; ?> --EXPECT-- -UPDATE php_pgsql_test SET num=1234,str='ABC',bin='\\x58595a' WHERE num=1234; -Ok +UPDATE "php_pgsql_test" SET "num"=1234,"str"=E'ABC',"bin"=E'\\x58595a' WHERE "num"=1234; +Ok \ No newline at end of file diff --git a/ext/pgsql/tests/bug47199.phpt b/ext/pgsql/tests/bug47199.phpt index 5bfac0b..faa787f 100644 --- a/ext/pgsql/tests/bug47199.phpt +++ b/ext/pgsql/tests/bug47199.phpt @@ -52,8 +52,8 @@ array(2) { string(1) "2" } } -DELETE FROM test_47199 WHERE null_field IS NULL AND not_null_field=2; -UPDATE test_47199 SET null_field=NULL,not_null_field=0 WHERE not_null_field=1 AND null_field IS NULL; +DELETE FROM "test_47199" WHERE "null_field" IS NULL AND "not_null_field"=2; +UPDATE "test_47199" SET "null_field"=NULL,"not_null_field"=0 WHERE "not_null_field"=1 AND "null_field" IS NULL; array(1) { [0]=> array(2) { diff --git a/ext/pgsql/tests/bug64609.phpt b/ext/pgsql/tests/bug64609.phpt index 0df6301..72fac76 100644 --- a/ext/pgsql/tests/bug64609.phpt +++ b/ext/pgsql/tests/bug64609.phpt @@ -25,6 +25,6 @@ var_dump($converted); ?> --EXPECT-- array(1) { - ["a"]=> - string(4) "'ok'" -} + [""a""]=> + string(5) "E'ok'" +} \ No newline at end of file diff --git a/ext/pgsql/tests/config.inc b/ext/pgsql/tests/config.inc index 2b5f05a..d4bbb33 100644 --- a/ext/pgsql/tests/config.inc +++ b/ext/pgsql/tests/config.inc @@ -2,7 +2,7 @@ // These vars are used to connect db and create test table. // values can be set to meet your environment -$conn_str = "host=localhost dbname=test"; // connection string +$conn_str = "host=localhost dbname=test port=5432"; // connection string $table_name = "php_pgsql_test"; // test table that should be exist $num_test_record = 1000; // Number of records to create diff --git a/ext/pgsql/tests/pg_delete_001.phpt b/ext/pgsql/tests/pg_delete_001.phpt index abb65be..a98c95d 100644 --- a/ext/pgsql/tests/pg_delete_001.phpt +++ b/ext/pgsql/tests/pg_delete_001.phpt @@ -45,8 +45,8 @@ pg_query('DROP SCHEMA phptests'); ?> --EXPECTF-- -string(37) "DELETE FROM foo WHERE id=1 AND id2=2;" -string(46) "DELETE FROM phptests.foo WHERE id=2 AND id2=3;" +string(43) "DELETE FROM "foo" WHERE "id"=1 AND "id2"=2;" +string(54) "DELETE FROM "phptests"."foo" WHERE "id"=2 AND "id2"=3;" array(2) { [0]=> array(2) { diff --git a/ext/pgsql/tests/pg_insert_001.phpt b/ext/pgsql/tests/pg_insert_001.phpt index 7d27219..626d4d0 100644 --- a/ext/pgsql/tests/pg_insert_001.phpt +++ b/ext/pgsql/tests/pg_insert_001.phpt @@ -28,7 +28,7 @@ pg_query('DROP SCHEMA phptests'); --EXPECTF-- Warning: pg_insert(): Table 'foo' doesn't exists in %s on line %d -string(47) "INSERT INTO phptests.foo (id,id2) VALUES (1,2);" +string(55) "INSERT INTO "phptests"."foo" ("id","id2") VALUES (1,2);" array(1) { [0]=> array(2) { diff --git a/ext/pgsql/tests/pg_update_001.phpt b/ext/pgsql/tests/pg_update_001.phpt index 95fa692..60db35c 100644 --- a/ext/pgsql/tests/pg_update_001.phpt +++ b/ext/pgsql/tests/pg_update_001.phpt @@ -35,8 +35,8 @@ pg_query('DROP SCHEMA phptests'); ?> --EXPECT-- -string(32) "UPDATE foo SET id=10 WHERE id=1;" -string(43) "UPDATE phptests.foo SET id=100 WHERE id2=2;" +string(38) "UPDATE "foo" SET "id"=10 WHERE "id"=1;" +string(51) "UPDATE "phptests"."foo" SET "id"=100 WHERE "id2"=2;" array(2) { ["id"]=> string(2) "10"

Thread (1 message)

  • Yasuo Ohgaki
« previous php.cvs (#72832) next »