diff --git a/src/Phinx/Db/Adapter/MysqlAdapter.php b/src/Phinx/Db/Adapter/MysqlAdapter.php index bc758f774..4009ddb9e 100644 --- a/src/Phinx/Db/Adapter/MysqlAdapter.php +++ b/src/Phinx/Db/Adapter/MysqlAdapter.php @@ -1419,8 +1419,8 @@ public function hasDatabase(string $name): bool { $rows = $this->fetchAll( sprintf( - 'SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = \'%s\'', - $name, + 'SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = %s', + $this->getConnection()->quote($name), ), ); diff --git a/src/Phinx/Db/Adapter/PostgresAdapter.php b/src/Phinx/Db/Adapter/PostgresAdapter.php index 9dc0fe431..9fb6c2daa 100644 --- a/src/Phinx/Db/Adapter/PostgresAdapter.php +++ b/src/Phinx/Db/Adapter/PostgresAdapter.php @@ -1206,7 +1206,7 @@ public function createDatabase(string $name, array $options = []): void */ public function hasDatabase(string $name): bool { - $sql = sprintf("SELECT count(*) FROM pg_database WHERE datname = '%s'", $name); + $sql = sprintf('SELECT count(*) FROM pg_database WHERE datname = %s', $this->getConnection()->quote($name)); $result = $this->fetchRow($sql); return $result['count'] > 0; diff --git a/src/Phinx/Db/Adapter/SqlServerAdapter.php b/src/Phinx/Db/Adapter/SqlServerAdapter.php index 6a36f81cd..e730804b2 100644 --- a/src/Phinx/Db/Adapter/SqlServerAdapter.php +++ b/src/Phinx/Db/Adapter/SqlServerAdapter.php @@ -1198,8 +1198,8 @@ public function hasDatabase(string $name): bool /** @var array $result */ $result = $this->fetchRow( sprintf( - "SELECT count(*) as [count] FROM master.dbo.sysdatabases WHERE [name] = '%s'", - $name, + 'SELECT count(*) as [count] FROM master.dbo.sysdatabases WHERE [name] = %s', + $this->getConnection()->quote($name), ), ); diff --git a/tests/Phinx/Db/Adapter/MysqlAdapterTest.php b/tests/Phinx/Db/Adapter/MysqlAdapterTest.php index ccd7ab07a..a4e330a90 100644 --- a/tests/Phinx/Db/Adapter/MysqlAdapterTest.php +++ b/tests/Phinx/Db/Adapter/MysqlAdapterTest.php @@ -2030,6 +2030,11 @@ public function testHasDatabase() $this->assertTrue($this->adapter->hasDatabase(MYSQL_DB_CONFIG['name'])); } + public function testHasDatabaseWithSingleQuoteInName() + { + $this->assertFalse($this->adapter->hasDatabase("fake'database'name")); + } + public function testDropDatabase() { $this->assertFalse($this->adapter->hasDatabase('phinx_temp_database')); diff --git a/tests/Phinx/Db/Adapter/PostgresAdapterTest.php b/tests/Phinx/Db/Adapter/PostgresAdapterTest.php index d1db27e39..c38200358 100644 --- a/tests/Phinx/Db/Adapter/PostgresAdapterTest.php +++ b/tests/Phinx/Db/Adapter/PostgresAdapterTest.php @@ -1949,6 +1949,11 @@ public function testHasDatabase() $this->assertTrue($this->adapter->hasDatabase(PGSQL_DB_CONFIG['name'])); } + public function testHasDatabaseWithSingleQuoteInName() + { + $this->assertFalse($this->adapter->hasDatabase("fake'database'name")); + } + public function testDropDatabase() { $this->assertFalse($this->adapter->hasDatabase('phinx_temp_database')); diff --git a/tests/Phinx/Db/Adapter/SqlServerAdapterTest.php b/tests/Phinx/Db/Adapter/SqlServerAdapterTest.php index a69fc96a1..024378262 100644 --- a/tests/Phinx/Db/Adapter/SqlServerAdapterTest.php +++ b/tests/Phinx/Db/Adapter/SqlServerAdapterTest.php @@ -1184,6 +1184,11 @@ public function testHasDatabase() $this->assertTrue($this->adapter->hasDatabase(SQLSRV_DB_CONFIG['name'])); } + public function testHasDatabaseWithSingleQuoteInName() + { + $this->assertFalse($this->adapter->hasDatabase("fake'database'name")); + } + public function testDropDatabase() { $this->assertFalse($this->adapter->hasDatabase('phinx_temp_database'));