| Current Path : /var/www/html/stolberg/web/core/tests/Drupal/KernelTests/Core/Database/ |
Linux ift1.ift-informatik.de 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64 |
| Current File : /var/www/html/stolberg/web/core/tests/Drupal/KernelTests/Core/Database/SelectTest.php |
<?php
declare(strict_types=1);
namespace Drupal\KernelTests\Core\Database;
use Drupal\Core\Database\InvalidQueryException;
use Drupal\Core\Database\Database;
use Drupal\Core\Database\DatabaseExceptionWrapper;
use Drupal\Core\Database\Query\SelectExtender;
/**
* Tests the Select query builder.
*
* @group Database
*/
class SelectTest extends DatabaseTestBase {
/**
* Tests rudimentary SELECT statements.
*/
public function testSimpleSelect(): void {
$query = $this->connection->select('test');
$query->addField('test', 'name');
$query->addField('test', 'age', 'age');
$num_records = $query->countQuery()->execute()->fetchField();
$this->assertEquals(4, $num_records, 'Returned the correct number of rows.');
}
/**
* Tests rudimentary SELECT statement with a COMMENT.
*/
public function testSimpleComment(): void {
$query = $this->connection->select('test')->comment('Testing query comments');
$query->addField('test', 'name');
$query->addField('test', 'age', 'age');
$result = $query->execute();
$records = $result->fetchAll();
$query = (string) $query;
$expected = "/* Testing query comments */";
$this->assertCount(4, $records, 'Returned the correct number of rows.');
$this->assertStringContainsString($expected, $query, 'The flattened query contains the comment string.');
}
/**
* Tests query COMMENT system against vulnerabilities.
*/
public function testVulnerableComment(): void {
$query = $this->connection->select('test')->comment('Testing query comments */ SELECT nid FROM {node}; --');
$query->addField('test', 'name');
$query->addField('test', 'age', 'age');
$result = $query->execute();
$records = $result->fetchAll();
$query = (string) $query;
$expected = "/* Testing query comments * / SELECT nid FROM {node}. -- */";
// Check the returned number of rows.
$this->assertCount(4, $records);
// Check that the flattened query contains the sanitized comment string.
$this->assertStringContainsString($expected, $query);
$connection = Database::getConnection();
foreach ($this->makeCommentsProvider() as $test_set) {
[$expected, $comments] = $test_set;
$this->assertEquals($expected, $connection->makeComment($comments));
}
}
/**
* Provides expected and input values for testVulnerableComment().
*/
public function makeCommentsProvider() {
return [
[
'/* */ ',
[''],
],
// Try and close the comment early.
[
'/* Exploit * / DROP TABLE node. -- */ ',
['Exploit */ DROP TABLE node; --'],
],
// Variations on comment closing.
[
'/* Exploit * / * / DROP TABLE node. -- */ ',
['Exploit */*/ DROP TABLE node; --'],
],
[
'/* Exploit * * // DROP TABLE node. -- */ ',
['Exploit **// DROP TABLE node; --'],
],
// Try closing the comment in the second string which is appended.
[
'/* Exploit * / DROP TABLE node. --. Another try * / DROP TABLE node. -- */ ',
['Exploit */ DROP TABLE node; --', 'Another try */ DROP TABLE node; --'],
],
];
}
/**
* Tests basic conditionals on SELECT statements.
*/
public function testSimpleSelectConditional(): void {
$query = $this->connection->select('test');
$name_field = $query->addField('test', 'name');
$age_field = $query->addField('test', 'age', 'age');
$query->condition('age', 27);
$result = $query->execute();
// Check that the aliases are being created the way we want.
$this->assertEquals('name', $name_field, 'Name field alias is correct.');
$this->assertEquals('age', $age_field, 'Age field alias is correct.');
// Ensure that we got the right record.
$record = $result->fetch();
$this->assertEquals('George', $record->{$name_field}, 'Fetched name is correct.');
$this->assertEquals(27, $record->{$age_field}, 'Fetched age is correct.');
}
/**
* Tests SELECT statements with expressions.
*/
public function testSimpleSelectExpression(): void {
$query = $this->connection->select('test');
$name_field = $query->addField('test', 'name');
$age_field = $query->addExpression("[age]*2", 'double_age');
$query->condition('age', 27);
$result = $query->execute();
// Check that the aliases are being created the way we want.
$this->assertEquals('name', $name_field, 'Name field alias is correct.');
$this->assertEquals('double_age', $age_field, 'Age field alias is correct.');
// Ensure that we got the right record.
$record = $result->fetch();
$this->assertEquals('George', $record->{$name_field}, 'Fetched name is correct.');
$this->assertEquals(27 * 2, $record->{$age_field}, 'Fetched age expression is correct.');
}
/**
* Tests SELECT statements with multiple expressions.
*/
public function testSimpleSelectExpressionMultiple(): void {
$query = $this->connection->select('test');
$name_field = $query->addField('test', 'name');
$age_double_field = $query->addExpression("[age]*2");
$age_triple_field = $query->addExpression("[age]*3");
$query->condition('age', 27);
$result = $query->execute();
// Check that the aliases are being created the way we want.
$this->assertEquals('expression', $age_double_field, 'Double age field alias is correct.');
$this->assertEquals('expression_2', $age_triple_field, 'Triple age field alias is correct.');
// Ensure that we got the right record.
$record = $result->fetch();
$this->assertEquals('George', $record->{$name_field}, 'Fetched name is correct.');
$this->assertEquals(27 * 2, $record->{$age_double_field}, 'Fetched double age expression is correct.');
$this->assertEquals(27 * 3, $record->{$age_triple_field}, 'Fetched triple age expression is correct.');
}
/**
* Tests adding multiple fields to a SELECT statement at the same time.
*/
public function testSimpleSelectMultipleFields(): void {
$record = $this->connection->select('test')
->fields('test', ['id', 'name', 'age', 'job'])
->condition('age', 27)
->execute()->fetchObject();
// Check that all fields we asked for are present.
$this->assertNotNull($record->id, 'ID field is present.');
$this->assertNotNull($record->name, 'Name field is present.');
$this->assertNotNull($record->age, 'Age field is present.');
$this->assertNotNull($record->job, 'Job field is present.');
// Ensure that we got the right record.
// Check that all fields we asked for are present.
$this->assertEquals(2, $record->id, 'ID field has the correct value.');
$this->assertEquals('George', $record->name, 'Name field has the correct value.');
$this->assertEquals(27, $record->age, 'Age field has the correct value.');
$this->assertEquals('Singer', $record->job, 'Job field has the correct value.');
}
/**
* Tests adding all fields from a given table to a SELECT statement.
*/
public function testSimpleSelectAllFields(): void {
$record = $this->connection->select('test')
->fields('test')
->condition('age', 27)
->execute()->fetchObject();
// Check that all fields we asked for are present.
$this->assertNotNull($record->id, 'ID field is present.');
$this->assertNotNull($record->name, 'Name field is present.');
$this->assertNotNull($record->age, 'Age field is present.');
$this->assertNotNull($record->job, 'Job field is present.');
// Ensure that we got the right record.
// Check that all fields we asked for are present.
$this->assertEquals(2, $record->id, 'ID field has the correct value.');
$this->assertEquals('George', $record->name, 'Name field has the correct value.');
$this->assertEquals(27, $record->age, 'Age field has the correct value.');
$this->assertEquals('Singer', $record->job, 'Job field has the correct value.');
}
/**
* Tests that a comparison with NULL is always FALSE.
*/
public function testNullCondition(): void {
$this->ensureSampleDataNull();
$names = $this->connection->select('test_null', 'tn')
->fields('tn', ['name'])
->condition('age', NULL)
->execute()->fetchCol();
$this->assertCount(0, $names, 'No records found when comparing to NULL.');
}
/**
* Tests that we can find a record with a NULL value.
*/
public function testIsNullCondition(): void {
$this->ensureSampleDataNull();
$names = $this->connection->select('test_null', 'tn')
->fields('tn', ['name'])
->isNull('age')
->execute()->fetchCol();
$this->assertCount(1, $names, 'Correct number of records found with NULL age.');
$this->assertEquals('Ernie', $names[0], 'Correct record returned for NULL age.');
}
/**
* Tests that we can find a record without a NULL value.
*/
public function testIsNotNullCondition(): void {
$this->ensureSampleDataNull();
$names = $this->connection->select('test_null', 'tn')
->fields('tn', ['name'])
->isNotNull('tn.age')
->orderBy('name')
->execute()->fetchCol();
$this->assertCount(2, $names, 'Correct number of records found withNOT NULL age.');
$this->assertEquals('Gonzo', $names[0], 'Correct record returned for NOT NULL age.');
$this->assertEquals('Kermit', $names[1], 'Correct record returned for NOT NULL age.');
}
/**
* Tests that we can force a query to return an empty result.
*/
public function testAlwaysFalseCondition(): void {
$names = $this->connection->select('test', 'test')
->fields('test', ['name'])
->condition('age', 27)
->execute()->fetchCol();
$this->assertCount(1, $names);
$this->assertSame($names[0], 'George');
$names = $this->connection->select('test', 'test')
->fields('test', ['name'])
->condition('age', 27)
->alwaysFalse()
->execute()->fetchCol();
$this->assertCount(0, $names);
}
/**
* Tests that we can force an extended query to return an empty result.
*/
public function testExtenderAlwaysFalseCondition(): void {
$names = $this->connection->select('test', 'test')
->extend(SelectExtender::class)
->fields('test', ['name'])
->condition('age', 27)
->execute()->fetchCol();
$this->assertCount(1, $names);
$this->assertSame($names[0], 'George');
$names = $this->connection->select('test', 'test')
->extend(SelectExtender::class)
->fields('test', ['name'])
->condition('age', 27)
->alwaysFalse()
->execute()->fetchCol();
$this->assertCount(0, $names);
}
/**
* Tests that we can UNION multiple Select queries together.
*
* This is semantically equal to UNION DISTINCT, so we don't explicitly test
* that.
*/
public function testUnion(): void {
$query_1 = $this->connection->select('test', 't')
->fields('t', ['name'])
->condition('age', [27, 28], 'IN');
$query_2 = $this->connection->select('test', 't')
->fields('t', ['name'])
->condition('age', 28);
$query_1->union($query_2);
$names = $query_1->execute()->fetchCol();
// Ensure we only get 2 records.
$this->assertCount(2, $names, 'UNION correctly discarded duplicates.');
$this->assertEqualsCanonicalizing(['George', 'Ringo'], $names);
}
/**
* Tests that we can UNION ALL multiple SELECT queries together.
*/
public function testUnionAll(): void {
$query_1 = $this->connection->select('test', 't')
->fields('t', ['name'])
->condition('age', [27, 28], 'IN');
$query_2 = $this->connection->select('test', 't')
->fields('t', ['name'])
->condition('age', 28);
$query_1->union($query_2, 'ALL');
$names = $query_1->execute()->fetchCol();
// Ensure we get all 3 records.
$this->assertCount(3, $names, 'UNION ALL correctly preserved duplicates.');
$this->assertEquals('George', $names[0], 'First query returned correct first name.');
$this->assertEquals('Ringo', $names[1], 'Second query returned correct second name.');
$this->assertEquals('Ringo', $names[2], 'Third query returned correct name.');
}
/**
* Tests that we can get a count query for a UNION Select query.
*/
public function testUnionCount(): void {
$query_1 = $this->connection->select('test', 't')
->fields('t', ['name', 'age'])
->condition('age', [27, 28], 'IN');
$query_2 = $this->connection->select('test', 't')
->fields('t', ['name', 'age'])
->condition('age', 28);
$query_1->union($query_2, 'ALL');
$names = $query_1->execute()->fetchCol();
$count = (int) $query_1->countQuery()->execute()->fetchField();
// Ensure the counts match.
$this->assertSame(count($names), $count, "The count query's result matched the number of rows in the UNION query.");
}
/**
* Tests that we can UNION multiple Select queries together and set the ORDER.
*/
public function testUnionOrder(): void {
// This gives George and Ringo.
$query_1 = $this->connection->select('test', 't')
->fields('t', ['name'])
->condition('age', [27, 28], 'IN');
// This gives Paul.
$query_2 = $this->connection->select('test', 't')
->fields('t', ['name'])
->condition('age', 26);
$query_1->union($query_2);
$query_1->orderBy('name', 'DESC');
$names = $query_1->execute()->fetchCol();
// Ensure we get all 3 records.
$this->assertCount(3, $names, 'UNION returned rows from both queries.');
// Ensure that the names are in the correct reverse alphabetical order,
// regardless of which query they came from.
$this->assertEquals('Ringo', $names[0], 'First query returned correct name.');
$this->assertEquals('Paul', $names[1], 'Second query returned correct name.');
$this->assertEquals('George', $names[2], 'Third query returned correct name.');
}
/**
* Tests that we can UNION multiple Select queries together with and a LIMIT.
*/
public function testUnionOrderLimit(): void {
// This gives George and Ringo.
$query_1 = $this->connection->select('test', 't')
->fields('t', ['name'])
->condition('age', [27, 28], 'IN');
// This gives Paul.
$query_2 = $this->connection->select('test', 't')
->fields('t', ['name'])
->condition('age', 26);
$query_1->union($query_2);
$query_1->orderBy('name', 'DESC');
$query_1->range(0, 2);
$names = $query_1->execute()->fetchCol();
// Ensure we get all only 2 of the 3 records.
$this->assertCount(2, $names, 'UNION with a limit returned rows from both queries.');
// Ensure that the names are in the correct reverse alphabetical order,
// regardless of which query they came from.
$this->assertEquals('Ringo', $names[0], 'First query returned correct name.');
$this->assertEquals('Paul', $names[1], 'Second query returned correct name.');
}
/**
* Tests that random ordering of queries works.
*
* We take the approach of testing the Drupal layer only, rather than trying
* to test that the database's random number generator actually produces
* random queries (which is very difficult to do without an unacceptable risk
* of the test failing by accident).
*
* Therefore, in this test we simply run the same query twice and assert that
* the two results are reordered versions of each other (as well as of the
* same query without the random ordering). It is reasonable to assume that
* if we run the same select query twice and the results are in a different
* order each time, the only way this could happen is if we have successfully
* triggered the database's random ordering functionality.
*/
public function testRandomOrder(): void {
// Use 52 items, so the chance that this test fails by accident will be the
// same as the chance that a deck of cards will come out in the same order
// after shuffling it (in other words, nearly impossible).
$number_of_items = 52;
while ($this->connection->query("SELECT MAX([id]) FROM {test}")->fetchField() < $number_of_items) {
$this->connection->insert('test')->fields(['name' => $this->randomMachineName()])->execute();
}
// First select the items in order and make sure we get an ordered list.
$expected_ids = range(1, $number_of_items);
$ordered_ids = $this->connection->select('test', 't')
->fields('t', ['id'])
->range(0, $number_of_items)
->orderBy('id')
->execute()
->fetchCol();
$this->assertEquals($expected_ids, $ordered_ids, 'A query without random ordering returns IDs in the correct order.');
// Now perform the same query, but instead choose a random ordering. We
// expect this to contain a differently ordered version of the original
// result.
$randomized_ids = $this->connection->select('test', 't')
->fields('t', ['id'])
->range(0, $number_of_items)
->orderRandom()
->execute()
->fetchCol();
$this->assertNotEquals($ordered_ids, $randomized_ids, 'A query with random ordering returns an unordered set of IDs.');
$sorted_ids = $randomized_ids;
sort($sorted_ids);
$this->assertEquals($ordered_ids, $sorted_ids, 'After sorting the random list, the result matches the original query.');
// Now perform the exact same query again, and make sure the order is
// different.
$randomized_ids_second_set = $this->connection->select('test', 't')
->fields('t', ['id'])
->range(0, $number_of_items)
->orderRandom()
->execute()
->fetchCol();
$this->assertNotEquals($randomized_ids, $randomized_ids_second_set, 'Performing the query with random ordering a second time returns IDs in a different order.');
$sorted_ids_second_set = $randomized_ids_second_set;
sort($sorted_ids_second_set);
$this->assertEquals($sorted_ids, $sorted_ids_second_set, 'After sorting the second random list, the result matches the sorted version of the first random list.');
}
/**
* Data provider for testRegularExpressionCondition().
*
* @return array[]
* Returns data-set elements with:
* - the expected result of the query
* - the table column to do the search on.
* - the regular expression pattern to search for.
* - the regular expression operator 'REGEXP' or 'NOT REGEXP'.
*/
public static function providerRegularExpressionCondition() {
return [
[['John'], 'name', 'hn$', 'REGEXP'],
[['Paul'], 'name', '^Pau', 'REGEXP'],
[['George', 'Ringo'], 'name', 'Ringo|George', 'REGEXP'],
[['Pete'], 'job', '#Drummer', 'REGEXP'],
[[], 'job', '#Singer', 'REGEXP'],
[['Paul', 'Pete'], 'age', '2[6]', 'REGEXP'],
[['George', 'Paul', 'Pete', 'Ringo'], 'name', 'hn$', 'NOT REGEXP'],
[['George', 'John', 'Pete', 'Ringo'], 'name', '^Pau', 'NOT REGEXP'],
[['John', 'Paul', 'Pete'], 'name', 'Ringo|George', 'NOT REGEXP'],
[['George', 'John', 'Paul', 'Ringo'], 'job', '#Drummer', 'NOT REGEXP'],
[['George', 'John', 'Paul', 'Pete', 'Ringo'], 'job', '#Singer', 'NOT REGEXP'],
[['George', 'John', 'Ringo'], 'age', '2[6]', 'NOT REGEXP'],
];
}
/**
* Tests that filter by 'REGEXP' and 'NOT REGEXP' works as expected.
*
* @dataProvider providerRegularExpressionCondition
*/
public function testRegularExpressionCondition($expected, $column, $pattern, $operator): void {
$database = $this->container->get('database');
$database->insert('test')
->fields([
'name' => 'Pete',
'age' => 26,
'job' => '#Drummer',
])
->execute();
$query = $database->select('test', 't');
$query->addField('t', 'name');
$query->condition("t.$column", $pattern, $operator);
$result = $query->execute()->fetchCol();
sort($result);
$this->assertEquals($expected, $result);
}
/**
* Tests that aliases are renamed when they are duplicates.
*/
public function testSelectDuplicateAlias(): void {
$query = $this->connection->select('test', 't');
$alias1 = $query->addField('t', 'name', 'the_alias');
$alias2 = $query->addField('t', 'age', 'the_alias');
$this->assertNotSame($alias1, $alias2, 'Duplicate aliases are renamed.');
}
/**
* Tests that an invalid count query throws an exception.
*/
public function testInvalidSelectCount(): void {
$this->expectException(DatabaseExceptionWrapper::class);
// This query will fail because the table does not exist.
$this->connection->select('some_table_that_does_not_exist', 't')
->fields('t')
->countQuery()
->execute();
}
/**
* Tests thrown exception for IN query conditions with an empty array.
*/
public function testEmptyInCondition(): void {
try {
$this->connection->select('test', 't')
->fields('t')
->condition('age', [], 'IN')
->execute();
$this->fail('Expected exception not thrown');
}
catch (InvalidQueryException $e) {
$this->assertEquals("Query condition 'age IN ()' cannot be empty.", $e->getMessage());
}
try {
$this->connection->select('test', 't')
->fields('t')
->condition('age', [], 'NOT IN')
->execute();
$this->fail('Expected exception not thrown');
}
catch (InvalidQueryException $e) {
$this->assertEquals("Query condition 'age NOT IN ()' cannot be empty.", $e->getMessage());
}
}
/**
* Data provider for testNonArrayOperatorWithArrayValueCondition().
*
* @return array[]
* Array of non array compatible operators and its value in the expected
* exception message.
*/
public static function providerNonArrayOperatorWithArrayValueCondition() {
return [
'=' => ['=', '='],
'>' => ['>', '>'],
'<' => ['<', '<'],
'>=' => ['>=', '>='],
'<=' => ['<=', '<='],
'IS NULL' => ['IS NULL', 'IS NULL'],
'IS NOT NULL' => ['IS NOT NULL', 'IS NOT NULL'],
'Empty string' => ['', '='],
'Not set' => [NULL, '='],
];
}
/**
* Tests thrown exception for non array operator conditions with array value.
*
* @dataProvider providerNonArrayOperatorWithArrayValueCondition
*/
public function testNonArrayOperatorWithArrayValueCondition($operator, $operator_in_exception_message): void {
$this->expectException(InvalidQueryException::class);
$this->expectExceptionMessage("Query condition 'age " . $operator_in_exception_message . " 26, 27' must have an array compatible operator.");
$this->connection->select('test', 't')
->fields('t')
->condition('age', [26, 27], $operator)
->execute();
}
/**
* Tests thrown exception for non array operator conditions with array value.
*
* @dataProvider providerNonArrayOperatorWithArrayValueCondition
* @group legacy
*/
public function testNonArrayOperatorWithArrayValueConditionDeprecated($operator, $operator_in_exception_message): void {
$this->expectDeprecation('Calling Drupal\Core\Database\Query\Condition::condition() without an array compatible operator is deprecated in drupal:10.1.0 and will be required in drupal:11.0.0. See https://www.drupal.org/node/3350985');
$this->connection->select('test', 't')
->fields('t')
->condition('age', [26], $operator)
->execute();
}
}