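/**
 * Checks find() with named (:name), positional (?) and array conditions, and
 * verifies that SQL metacharacters supplied as condition values or as
 * condition keys do not widen the result set.
 *
 * Creates one AkTestUser record (Tim O'Reilly). The ordered 'all' queries
 * also expect a record whose first_name is 'Alicia'; it is not created in
 * this method, so it presumably comes from an earlier test (TODO confirm).
 */
function Test_of_find2()
{
    $Users = new AkTestUser('first_name=>', 'Tim', 'last_name->', "O'Reilly", 'user_name->', 'tim_oreilly');
    $Users->_create();

    // Value used by the negative cases: if it were concatenated into the
    // query instead of bound, the quote would close the literal and the
    // OR clause would match the record created above.
    $injectedValue = "' OR 1=1 AND first_name='Tim";

    // Named placeholder: a value containing a quote must round-trip intact.
    $User = $Users->find('first', array('conditions' => array("last_name = :last_name", ':last_name' => "O'Reilly")));
    $this->assertTrue($User->first_name == 'Tim' && $User->last_name == "O'Reilly" && $User->user_name == 'tim_oreilly');

    // Named placeholder: the injected value must be treated as data, so no row matches.
    $this->assertFalse($Users->find('first', array('conditions' => array("last_name = :last_name", ':last_name' => $injectedValue))));

    // Conditions given as a column => value map.
    $params = array('last_name' => "O'Reilly");
    $User = $Users->find('first', array('conditions' => $params));
    $this->assertTrue($User->first_name == 'Tim' && $User->last_name == "O'Reilly" && $User->user_name == 'tim_oreilly');

    // Trying SQL injection on values
    $params = array('last_name' => $injectedValue);
    $this->assertFalse($Users->find('first', array('conditions' => $params)));

    // Trying SQL injection on keys.
    // Keys act as column names, not bound values, so placeholder binding alone
    // does not cover them. find() may return a non-object here, hence the
    // is_object() guard before reading properties.
    // NOTE(review): this only asserts that the crafted key does not yield the
    // Tim O'Reilly record; asserting the exact return value would be stricter
    // once find()'s behaviour for unknown keys is confirmed.
    $params = array("last_name ='Tim' OR last_name" => "Not available name");
    $User = $Users->find('first', array('conditions' => $params));
    $this->assertFalse(is_object($User) && $User->first_name == 'Tim' && $User->last_name == "O'Reilly" && $User->user_name == 'tim_oreilly');

    // Positional placeholder without a fetch mode: the result is indexed like a list.
    $User = $Users->find("first_name = ?", 'Tim');
    $this->assertTrue($User[0]->first_name == 'Tim' && $User[0]->last_name == "O'Reilly" && $User[0]->user_name == 'tim_oreilly');

    // Positional placeholder with 'first': a single record is returned.
    $User = $Users->find('first', "first_name = ?", 'Tim');
    $this->assertTrue($User->first_name == 'Tim' && $User->last_name == "O'Reilly" && $User->user_name == 'tim_oreilly');

    // Two positional placeholders followed by an options array.
    $FoundUsers = $Users->find('all', "first_name = ? OR first_name LIKE ?", 'Tim', 'Al%', array('order' => 'last_name ASC'));
    $this->assertTrue($FoundUsers[0]->first_name == 'Tim');
    $this->assertTrue($FoundUsers[1]->first_name == 'Alicia');

    // Same query with a line break inside the condition string.
    // NOTE(review): the break is present in the source as found; presumably it
    // exercises multi-line conditions - confirm against the upstream file.
    $FoundUsers = $Users->find('all', "first_name = ? \nOR first_name LIKE ?", 'Tim', 'Al%', array('order' => 'last_name ASC'));
    $this->assertTrue($FoundUsers[0]->first_name == 'Tim');
    $this->assertTrue($FoundUsers[1]->first_name == 'Alicia');

    // Positional placeholder: the injected value must not match any row.
    $this->assertFalse($Users->find("last_name = ?", $injectedValue));
}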
/**
 * Covers the main call shapes of find(): by id, by several ids, by id list,
 * by id plus options, and the 'first' / 'all' modes with conditions, order,
 * offset and limit.
 *
 * The id lookups use 3 and 4, so the two records created at the top are
 * assumed to receive those ids from the state left by earlier tests
 * (TODO confirm).
 */
public function Test_of_find()
{
    $Bermi = new AkTestUser('first_name=>', 'Bermi', 'last_name->', 'Ferrer Martínez', 'user_name->', 'bermi', 'email->', '*****@*****.**');
    $Bermi->_create();

    $Hilario = new AkTestUser('first_name=>', 'Hilario', 'last_name->', 'Hervás Añó', 'user_name->', 'hilario', 'email->', '*****@*****.**');
    $Hilario->_create();

    // single id
    $Finder = new AkTestUser();
    $Record = $Finder->find(3);
    $isBermi = $Record->first_name == 'Bermi' && $Record->last_name == 'Ferrer Martínez' && $Record->user_name == 'bermi' && $Record->email == '*****@*****.**';
    $this->assertTrue($isBermi);

    // several ids as separate arguments: each row must be one of the two created above
    $Finder = new AkTestUser();
    $Records = $Finder->find(3, 4);
    foreach ($Records as $Record) {
        $isHilario = $Record->first_name == 'Hilario' && $Record->last_name == 'Hervás Añó' && $Record->user_name == 'hilario' && $Record->email == '*****@*****.**';
        $isBermi = $Record->first_name == 'Bermi' && $Record->last_name == 'Ferrer Martínez' && $Record->user_name == 'bermi' && $Record->email == '*****@*****.**';
        $this->assertTrue($isHilario || $isBermi);
    }

    // with arrays of ids
    $Finder = new AkTestUser();
    $Records = $Finder->find(array(3));
    $Record = $Records[0];
    $isBermi = $Record->first_name == 'Bermi' && $Record->last_name == 'Ferrer Martínez' && $Record->user_name == 'bermi' && $Record->email == '*****@*****.**';
    $this->assertTrue($isBermi);

    $Finder = new AkTestUser();
    $Records = $Finder->find(array(3, 4));
    foreach ($Records as $Record) {
        $isHilario = $Record->first_name == 'Hilario' && $Record->last_name == 'Hervás Añó' && $Record->user_name == 'hilario' && $Record->email == '*****@*****.**';
        $isBermi = $Record->first_name == 'Bermi' && $Record->last_name == 'Ferrer Martínez' && $Record->user_name == 'bermi' && $Record->email == '*****@*****.**';
        $this->assertTrue($isHilario || $isBermi);
    }

    // with conditions of id
    // The condition is a constant SQL fragment with an inline literal;
    // presumably it reaches the WHERE clause as written, so this form suits
    // fixed text only - variable data belongs in bound parameters as in the
    // next case.
    $Finder = new AkTestUser();
    $options = array(
        'conditions' => "user_name = 'bermi'",
        'order' => "created_at DESC",
    );
    $Record = $Finder->find(3, $options);
    $isBermi = $Record->first_name == 'Bermi' && $Record->last_name == 'Ferrer Martínez' && $Record->user_name == 'bermi' && $Record->email == '*****@*****.**';
    $this->assertTrue($isBermi);

    // 'first' with a named placeholder
    $Finder = new AkTestUser();
    $options = array(
        'conditions' => array("user_name = :user_name", ':user_name' => 'hilario'),
    );
    $Record = $Finder->find('first', $options);
    $isHilario = $Record->first_name == 'Hilario' && $Record->last_name == 'Hervás Añó' && $Record->user_name == 'hilario' && $Record->email == '*****@*****.**';
    $this->assertTrue($isHilario);

    // two more rows so that ordering by last_name has known extremes
    $RowA = new AkTestUser('first_name=>', 'test_name', 'last_name->', 'A');
    $RowA->_create();
    $RowZ = new AkTestUser('first_name=>', 'test_name', 'last_name->', 'Z');
    $RowZ->_create();

    $Finder = new AkTestUser();
    $Record = $Finder->find('first', array('order' => "last_name DESC"));
    $isLastByName = $Record->first_name == 'test_name' && $Record->last_name == 'Z';
    $this->assertTrue($isLastByName);

    $Finder = new AkTestUser();
    $Record = $Finder->find('first', array('order' => "last_name ASC"));
    $isFirstByName = $Record->first_name == 'test_name' && $Record->last_name == 'A';
    $this->assertTrue($isFirstByName);

    // an offset past the last row is expected to give a false result
    $Finder = new AkTestUser();
    $pastTheEnd = $Finder->find('first', array('order' => "last_name DESC", 'offset' => 5));
    $this->assertFalse($pastTheEnd);

    $Finder = new AkTestUser();
    $Record = $Finder->find('first', array('order' => "last_name ASC", 'offset' => 2));
    $isHilario = $Record->first_name == 'Hilario' && $Record->last_name == 'Hervás Añó' && $Record->user_name == 'hilario' && $Record->email == '*****@*****.**';
    $this->assertTrue($isHilario);

    // 'all' and the argument-less form are both expected to return four rows
    $Finder = new AkTestUser();
    $Records = $Finder->find('all');
    $this->assertEqual(count($Records), 4);
    foreach ($Records as $Record) {
        $this->assertFalse(empty($Record->last_name));
    }

    $Finder = new AkTestUser();
    $Records = $Finder->find();
    $this->assertEqual(count($Records), 4);
    foreach ($Records as $Record) {
        $this->assertFalse(empty($Record->last_name));
    }

    $RowB = new AkTestUser('first_name=>', 'test_name', 'last_name->', 'B');
    $RowB->_create();

    // conditions + limit + order
    $Finder = new AkTestUser();
    $options = array(
        'conditions' => array("first_name = :first_name", ':first_name' => 'test_name'),
        'limit' => 2,
        'order' => "last_name DESC",
    );
    $Records = $Finder->find('all', $options);
    $this->assertEqual(count($Records), 2);
    $allowedLastNames = array('Z', 'B');
    foreach ($Records as $Record) {
        $this->assertFalse(empty($Record->last_name));
        $this->assertTrue(in_array($Record->last_name, $allowedLastNames));
    }

    // offset + limit windows over the unordered result
    $Finder = new AkTestUser();
    $Records = $Finder->find('all', array('offset' => 2, 'limit' => 2));
    $this->assertEqual(count($Records), 2);
    $allowedLastNames = array('A', 'Z');
    foreach ($Records as $Record) {
        $this->assertFalse(empty($Record->last_name));
        $this->assertTrue(in_array($Record->last_name, $allowedLastNames));
    }

    $Finder = new AkTestUser();
    $Records = $Finder->find('all', array('offset' => 3, 'limit' => 2));
    $this->assertEqual(count($Records), 2);
    $allowedLastNames = array('B', 'Z');
    foreach ($Records as $Record) {
        $this->assertFalse(empty($Record->last_name));
        $this->assertTrue(in_array($Record->last_name, $allowedLastNames));
    }
}