Fixed bug #62978. pg_select()/etc may allow SQL injection when table name is user parameter, users are able to control table names.

author: Yasuo Ohgaki <yohgaki@php.net> 2013-08-05 18:23:15 +0900
committer: Yasuo Ohgaki <yohgaki@php.net> 2013-08-05 18:23:15 +0900
commit: f718684a6c1d6221015031d1e72d3eb55ecbb659 (patch)
tree: d62962d6f49753c66fea82357f08c1c3f4441a4a /ext/pgsql/tests/12pg_insert_9.phpt
parent: a93a462dcefd62e07963dd2da506fbb3409c88b5 (diff)
download: php-git-f718684a6c1d6221015031d1e72d3eb55ecbb659.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/ext/pgsql/tests/12pg_insert_9.phpt b/ext/pgsql/tests/12pg_insert_9.phpt
index 8afae0df91..329364ad64 100644
--- a/ext/pgsql/tests/12pg_insert_9.phpt
+++ b/ext/pgsql/tests/12pg_insert_9.phpt
@@ -22,5 +22,5 @@ echo pg_insert($db, $table_name, $fields, PGSQL_DML_STRING)."\n";
 echo "Ok\n";
 ?>
 --EXPECT--
-INSERT INTO php_pgsql_test (num,str,bin) VALUES (1234,'AAA','\\x424242');
-Ok
+INSERT INTO "php_pgsql_test" ("num","str","bin") VALUES (1234,E'AAA',E'\\x424242');
+Ok
+\ No newline at end of file
author	Yasuo Ohgaki <yohgaki@php.net>	2013-08-05 18:23:15 +0900
committer	Yasuo Ohgaki <yohgaki@php.net>	2013-08-05 18:23:15 +0900
commit	f718684a6c1d6221015031d1e72d3eb55ecbb659 (patch)
tree	d62962d6f49753c66fea82357f08c1c3f4441a4a /ext/pgsql/tests/12pg_insert_9.phpt
parent	a93a462dcefd62e07963dd2da506fbb3409c88b5 (diff)
download	php-git-f718684a6c1d6221015031d1e72d3eb55ecbb659.tar.gz