5 use SQL::Abstract::Test import => ['is_same_sql_bind'];
# Two generators are under test: one built with default options and one that
# wraps identifiers in double quotes (quote_char => '"').
8 my $sqla = SQL::Abstract->new;
9 my $sqla_q = SQL::Abstract->new(quote_char => '"');
# Negative case: the hash key sits where a column name is expected and carries
# a ';' followed by more text. The assertion expects the call to die with a
# message matching "Possible SQL injection attempt"; the label ties this to
# the generator that does not quote column names.
# NOTE(review): the call that receives this hash is not visible in this
# excerpt -- presumably $sqla->select; confirm against the full file.
15 { 'bobby; tables' => 'bar' },
17 }, qr/Possible SQL injection attempt/, 'Injection thwarted on unquoted column' );
# Positive case: the quoting generator is given the very same key and is
# expected to return SQL instead of dying.
19 my ($sql, @bind) = $sqla_q->select(
22 { 'bobby; tables' => 'bar' },
# Expected text: the whole key is emitted as a single double-quoted identifier
# and the value appears only as a '?' placeholder, never inlined in the SQL.
# Caveat for readers: this key contains no '"' itself, so the case does not
# show how a key that embeds the quote character is handled. Quoting also does
# not decide WHICH column may be named; keys taken from untrusted input still
# need an allow-list at the call site.
27 'SELECT "bar" FROM "foo" WHERE ( "bobby; tables" = ? )',
29 'Correct sql with quotes on'
# The checks below run against both generators, so they are expected to hold
# whether or not identifier quoting (quote_char) is enabled.
# NOTE(review): the loop's closing lines are not shown in this excerpt.
33 for ($sqla, $sqla_q) {
# The inner hash key occupies the operator slot for column 'x'. A key with a
# ';' and trailing text there must be rejected with the injection error
# rather than being written into the statement as if it were an operator.
39 { x => { 'bobby; tables' => 'y' } },
41 }, qr/Possible SQL injection attempt/, 'Injection thwarted on top level op');
# One level deeper, under the '<' operator: the key starts with '-' and
# contains a newline followed by more words. The label calls this the
# "chained functions" case; the same injection error is expected, i.e. the
# check is not limited to the first nesting level.
47 { x => { '<' => { "-go\ndo some harm" => 'y' } } },
49 }, qr/Possible SQL injection attempt/, 'Injection thwarted on chained functions');