/**
 * Check the ORDER BY column validation done by PostMySQLDAO::sanitiseOrderBy().
 *
 * An ORDER BY identifier cannot be bound as a prepared-statement parameter, so a
 * caller-supplied column name has to be validated before it reaches the query text.
 * The assertions below pin the contract this test expects: accepted column names are
 * returned unchanged, and any other value is replaced by "pub_date".
 * NOTE(review): how sanitiseOrderBy() decides which names are accepted is not visible
 * from this test; confirm it matches against a fixed set of known columns.
 */
public function testSanitiseOrderBy() {
    $dao = new PostMySQLDAO();

    // Accepted names come back untouched, with or without the "p." prefix.
    $this->assertEqual($dao->sanitiseOrderBy("p.post_id"), "p.post_id");
    $this->assertEqual($dao->sanitiseOrderBy("post_id"), "post_id");

    // A value that is not an accepted column name is swapped for the default sort column.
    $this->assertEqual($dao->sanitiseOrderBy("non-existent-table-name"), "pub_date");

    // Regression guard: a quote-terminated, stacked-statement payload must never be
    // returned as-is; it is expected to collapse to the default like any unknown name.
    $this->assertEqual($dao->sanitiseOrderBy("'; DROP TABLE tu_posts;--"), "pub_date");
}