From a1d65f3737980658e9a5dd12165860e35e435941 Mon Sep 17 00:00:00 2001
From: "godzilla80@gmx.net" <>
Date: Sat, 20 Feb 2010 09:18:40 +0000
Subject: Fixed Issue 209 - SqlMap doesn't escape inline params properly

---
 tests/unit/Data/SqlMap/DynamicParameterTest.php    | 19 +++++++++++++++++++
 tests/unit/Data/SqlMap/DynamicParameterTestMap.xml |  6 ++++++
 2 files changed, 25 insertions(+)

(limited to 'tests/unit/Data')

diff --git a/tests/unit/Data/SqlMap/DynamicParameterTest.php b/tests/unit/Data/SqlMap/DynamicParameterTest.php
index ec37f4e0..f9b39b96 100644
--- a/tests/unit/Data/SqlMap/DynamicParameterTest.php
+++ b/tests/unit/Data/SqlMap/DynamicParameterTest.php
@@ -15,6 +15,9 @@ class DynamicParameterTest extends PHPUnit_Framework_TestCase
 		static $conn;
 		static $sqlMapManager;
 
+		if(Prado::getApplication() === null)
+			Prado::setApplication(new TApplication(dirname(__FILE__).'/app'));
+
 		if($conn === null)
 			$conn = new TDbConnection('mysql:host=localhost;dbname=prado_system_data_sqlmap', 'prado_unitest', 'prado_system_data_sqlmap_unitest');
 
@@ -85,6 +88,22 @@ class DynamicParameterTest extends PHPUnit_Framework_TestCase
 		self::assertEquals('staticsql1', $value);
 	}
 
+	/**
+	 * Issue#209 test
+	 */
+	public function testMysqlInlineEscapeParam()
+	{
+		$mapper = $this->getMysqlSqlMapManager();
+		$gateway = $mapper->getSqlmapGateway();
+
+		$value = $gateway->queryForObject('SelectInlineEscapeParam', "'1234567*123$456789$012345' AS foobar");
+		self::assertEquals('1234567*123$456789$012345', $value);
+
+		$value = $gateway->queryForObject('SelectInlineEscapeParam', '"1234567*123$456789$012345" AS foobar');
+		self::assertEquals('1234567*123$456789$012345', $value);
+
+	}
+
 }
 
 ?>
\ No newline at end of file
diff --git a/tests/unit/Data/SqlMap/DynamicParameterTestMap.xml b/tests/unit/Data/SqlMap/DynamicParameterTestMap.xml
index 65a91154..29670578 100644
--- a/tests/unit/Data/SqlMap/DynamicParameterTestMap.xml
+++ b/tests/unit/Data/SqlMap/DynamicParameterTestMap.xml
@@ -1,5 +1,6 @@
 <?xml version="1.0" encoding="UTF-8" ?>
 <sqlMap namespace="DynamicParameterTestMap">
+
 	<select id="SelectStaticSql1" resultClass="string">
 	<![CDATA[
 		SELECT `teststring` FROM `dynamicparametertest1` WHERE `testname`="staticsql"
@@ -30,4 +31,9 @@
 	]]>
 	</select>
 
+	<select id="SelectInlineEscapeParam" parameterClass="string" resultClass="string">
+	<![CDATA[
+		SELECT $value$
+	]]>
+	</select>
 </sqlMap>
\ No newline at end of file
-- 
cgit v1.2.3