/**
 * Check that sanitizeOrderBy() returns accepted sort columns unchanged and
 * substitutes "pub_date" for anything else.
 *
 * Four inputs are exercised against a single PostMySQLDAO instance:
 *  - a table-qualified column ("p.post_id") and a bare column ("post_id"),
 *    both expected back exactly as given;
 *  - an unrecognised identifier and a string carrying a stacked-statement
 *    SQL injection payload, both expected to come back as "pub_date".
 *
 * An ORDER BY identifier cannot be bound as a prepared-statement parameter,
 * so it has to be validated before it is placed into the query text. This
 * test pins the fallback behaviour that keeps hostile input out of that
 * position.
 *
 * NOTE(review): sanitizeOrderBy() itself is not visible here; presumably it
 * compares against a list of known columns rather than stripping characters.
 * Confirm against the DAO.
 */
public function testSanitizeOrderBy() {
    $dao = new PostMySQLDAO();

    // Each entry is (raw ORDER BY value, value expected back from the DAO).
    $cases = array(
        // Accepted columns are returned untouched.
        array("p.post_id", "p.post_id"),
        array("post_id", "post_id"),
        // Anything unrecognised is replaced by the "pub_date" default.
        array("non-existent-table-name", "pub_date"),
        // Quote, statement terminator and trailing comment must not survive.
        array("'; DROP TABLE tu_posts;--", "pub_date"),
    );

    foreach ($cases as $case) {
        list($raw, $expected) = $case;
        $this->assertEqual($dao->sanitizeOrderBy($raw), $expected);
    }
}