artemeon · romankonz · May 3, 2026 · May 3, 2026
diff --git a/tests/ConnectionTest.php b/tests/ConnectionTest.php
@@ -20,6 +20,9 @@
 use Artemeon\Database\Exception\QueryException;
 use Artemeon\Database\Exception\RemoveColumnException;
 use Artemeon\Database\Schema\DataType;
+use Artemeon\Database\Tests\Fixtures\EscapeableValue;
+use Artemeon\Database\Tests\Fixtures\IntBackedEnum;
+use Artemeon\Database\Tests\Fixtures\StringBackedEnum;
 use DateInterval;
 use DateTime;
 use PHPUnit\Framework\Attributes\CoversClass;
@@ -962,4 +965,124 @@ public function testHasTable(): void
         $this->assertTrue($connection->hasTable($tableName));
         $this->assertFalse($connection->hasTable('table_does_not_exist'));
     }
+
+    #[DataProvider('dbsafeStringProvider')]
+    public function testDbsafeString(
+        mixed $input,
+        mixed $expected,
+        bool $htmlSpecialChars = true,
+        bool $addSlashes = true,
+    ): void {
+        $this->assertSame(
+            $expected,
+            $this->getConnection()->dbsafeString($input, $htmlSpecialChars, $addSlashes),
+        );
+    }
+
+    /**
+     * @return array<string, array{input: mixed, expected: mixed, htmlSpecialChars?: bool, addSlashes?: bool}>
+     */
+    public static function dbsafeStringProvider(): array
+    {
+        return [
+            'null' => [
+                'input' => null,
+                'expected' => null,
+            ],
+            'int' => [
+                'input' => 42,
+                'expected' => 42,
+            ],
+            'float' => [
+                'input' => 1.5,
+                'expected' => 1.5,
+            ],
+            'bool true is cast to 1' => [
+                'input' => true,
+                'expected' => 1,
+            ],
+            'bool false is cast to 0' => [
+                'input' => false,
+                'expected' => 0,
+            ],
+            'plain string passthrough' => [
+                'input' => 'plain',
+                'expected' => 'plain',
+            ],
+            'string with html chars is escaped' => [
+                'input' => '<a>',
+                'expected' => '&lt;a&gt;',
+            ],
+            'string with quote is escaped' => [
+                'input' => "O'Brien",
+                'expected' => "O\\'Brien",
+            ],
+            'htmlSpecialChars=false skips html escape' => [
+                'input' => '<a>',
+                'expected' => '<a>',
+                'htmlSpecialChars' => false,
+            ],
+            'addSlashes=false skips slash escape' => [
+                'input' => "O'Brien",
+                'expected' => "O'Brien",
+                'addSlashes' => false,
+            ],
+            'BackedEnum (string)' => [
+                'input' => StringBackedEnum::Foo,
+                'expected' => 'foo',
+            ],
+            'BackedEnum (int)' => [
+                'input' => IntBackedEnum::Forty,
+                'expected' => 40,
+            ],
+            'BackedEnum (string with html chars is escaped)' => [
+                'input' => StringBackedEnum::WithHtml,
+                'expected' => '&lt;a&gt;',
+            ],
+            'BackedEnum (string with quote is escaped)' => [
+                'input' => StringBackedEnum::WithQuote,
+                'expected' => "O\\'Brien",
+            ],
+            'BackedEnum (htmlSpecialChars=false skips html escape)' => [
+                'input' => StringBackedEnum::WithHtml,
+                'expected' => '<a>',
+                'htmlSpecialChars' => false,
+            ],
+            'BackedEnum (addSlashes=false skips slash escape)' => [
+                'input' => StringBackedEnum::WithQuote,
+                'expected' => "O'Brien",
+                'addSlashes' => false,
+            ],
+            'EscapeableParameterInterface (string)' => [
+                'input' => new EscapeableValue('hello'),
+                'expected' => 'hello',
+            ],
+            'EscapeableParameterInterface (int)' => [
+                'input' => new EscapeableValue(123),
+                'expected' => 123,
+            ],
+            'EscapeableParameterInterface (null)' => [
+                'input' => new EscapeableValue(null),
+                'expected' => null,
+            ],
+            'EscapeableParameterInterface (string with html chars is escaped)' => [
+                'input' => new EscapeableValue('<a>'),
+                'expected' => '&lt;a&gt;',
+            ],
+            'EscapeableParameterInterface (string with quote is escaped)' => [
+                'input' => new EscapeableValue("O'Brien"),
+                'expected' => "O\\'Brien",
+            ],
+            'EscapeableParameterInterface (htmlSpecialChars=false skips html escape)' => [
+                'input' => new EscapeableValue('<a>'),
+                'expected' => '<a>',
+                'htmlSpecialChars' => false,
+            ],
+            'EscapeableParameterInterface (addSlashes=false skips slash escape)' => [
+                'input' => new EscapeableValue("O'Brien"),
+                'expected' => "O'Brien",
+                'addSlashes' => false,
+            ],
+        ];
+    }
 }
diff --git a/tests/Fixtures/EscapeableValue.php b/tests/Fixtures/EscapeableValue.php
@@ -0,0 +1,37 @@
+<?php
+
+/*
+ * This file is part of the Artemeon Core - Web Application Framework.
+ *
+ * (c) Artemeon <www.artemeon.de>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace Artemeon\Database\Tests\Fixtures;
+
+use Artemeon\Database\EscapeableParameterInterface;
+use Stringable;
+
+final class EscapeableValue implements EscapeableParameterInterface
+{
+    /**
+     * @param scalar|Stringable|null $value
+     */
+    public function __construct(private readonly mixed $value)
+    {
+    }
+
+    public function isEscape(): bool
+    {
+        return true;
+    }
+
+    public function getValue(): mixed
+    {
+        return $this->value;
+    }
+}
diff --git a/tests/Fixtures/IntBackedEnum.php b/tests/Fixtures/IntBackedEnum.php
@@ -0,0 +1,19 @@
+<?php
+
+/*
+ * This file is part of the Artemeon Core - Web Application Framework.
+ *
+ * (c) Artemeon <www.artemeon.de>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace Artemeon\Database\Tests\Fixtures;
+
+enum IntBackedEnum: int
+{
+    case Forty = 40;
+}
diff --git a/tests/Fixtures/StringBackedEnum.php b/tests/Fixtures/StringBackedEnum.php
@@ -0,0 +1,21 @@
+<?php
+
+/*
+ * This file is part of the Artemeon Core - Web Application Framework.
+ *
+ * (c) Artemeon <www.artemeon.de>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace Artemeon\Database\Tests\Fixtures;
+
+enum StringBackedEnum: string
+{
+    case Foo = 'foo';
+    case WithHtml = '<a>';
+    case WithQuote = "O'Brien";
+}