function OrderByTest::testFieldEscaping

Same name and namespace in other branches
  1. 9 core/tests/Drupal/Tests/Core/Database/OrderByTest.php \Drupal\Tests\Core\Database\OrderByTest::testFieldEscaping()
  2. 8.9.x core/tests/Drupal/Tests/Core/Database/OrderByTest.php \Drupal\Tests\Core\Database\OrderByTest::testFieldEscaping()
  3. 10 core/tests/Drupal/Tests/Core/Database/OrderByTest.php \Drupal\Tests\Core\Database\OrderByTest::testFieldEscaping()

Tests that fields passed for ordering get escaped properly.

File

core/tests/Drupal/Tests/Core/Database/OrderByTest.php, line 49

Class

OrderByTest
Tests the orderBy() method of select queries.

Namespace

Drupal\Tests\Core\Database

Code

public function testFieldEscaping() : void {
    $this->query
        ->orderBy('x; DROP table node; --');
    $sql = $this->query
        ->__toString();
    $this->assertStringEndsWith('ORDER BY xDROPtablenode ASC', $sql, 'Order by field is escaped correctly.');
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.