From 0aeececbde74888cfc24839961dd8c49452eb05f Mon Sep 17 00:00:00 2001
From: sidneyprins <84329386+sidneyprins@users.noreply.github.com>
Date: Mon, 30 Oct 2023 15:29:38 +0100
Subject: [PATCH] [10.x] Throw exception when trying to escape array for
 database connection (#48836)

* Throw error when trying to escape array

* Add tests to test escaping array throwing exception

* Update Connection.php

---------

Co-authored-by: Taylor Otwell <taylor@laravel.com>
---
 src/Illuminate/Database/Connection.php              | 2 ++
 tests/Integration/Database/MySql/EscapeTest.php     | 7 +++++++
 tests/Integration/Database/Postgres/EscapeTest.php  | 7 +++++++
 tests/Integration/Database/SqlServer/EscapeTest.php | 7 +++++++
 tests/Integration/Database/Sqlite/EscapeTest.php    | 7 +++++++
 5 files changed, 30 insertions(+)

diff --git a/src/Illuminate/Database/Connection.php b/src/Illuminate/Database/Connection.php
index 24583f4a4079..a46448bb8974 100755
--- a/src/Illuminate/Database/Connection.php
+++ b/src/Illuminate/Database/Connection.php
@@ -1101,6 +1101,8 @@ public function escape($value, $binary = false)
             return (string) $value;
         } elseif (is_bool($value)) {
             return $this->escapeBool($value);
+        } elseif (is_array($value)) {
+            throw new RuntimeException('The database connection does not support escaping arrays.');
         } else {
             if (str_contains($value, "\00")) {
                 throw new RuntimeException('Strings with null bytes cannot be escaped. Use the binary escape option.');
diff --git a/tests/Integration/Database/MySql/EscapeTest.php b/tests/Integration/Database/MySql/EscapeTest.php
index 9ad6d6e8a41f..53d70bd8292d 100644
--- a/tests/Integration/Database/MySql/EscapeTest.php
+++ b/tests/Integration/Database/MySql/EscapeTest.php
@@ -61,4 +61,11 @@ public function testEscapeStringNullByte()
 
         $this->app['db']->escape("I am hiding a \00 byte");
     }
+
+    public function testEscapeArray()
+    {
+        $this->expectException(RuntimeException::class);
+
+        $this->app['db']->escape(['a', 'b']);
+    }
 }
diff --git a/tests/Integration/Database/Postgres/EscapeTest.php b/tests/Integration/Database/Postgres/EscapeTest.php
index dc382b4a1143..3a8de1329264 100644
--- a/tests/Integration/Database/Postgres/EscapeTest.php
+++ b/tests/Integration/Database/Postgres/EscapeTest.php
@@ -61,4 +61,11 @@ public function testEscapeStringNullByte()
 
         $this->app['db']->escape("I am hiding a \00 byte");
     }
+
+    public function testEscapeArray()
+    {
+        $this->expectException(RuntimeException::class);
+
+        $this->app['db']->escape(['a', 'b']);
+    }
 }
diff --git a/tests/Integration/Database/SqlServer/EscapeTest.php b/tests/Integration/Database/SqlServer/EscapeTest.php
index 77037d1cc810..51c4cbcdd4ca 100644
--- a/tests/Integration/Database/SqlServer/EscapeTest.php
+++ b/tests/Integration/Database/SqlServer/EscapeTest.php
@@ -57,4 +57,11 @@ public function testEscapeStringNullByte()
 
         $this->app['db']->escape("I am hiding a \00 byte");
     }
+
+    public function testEscapeArray()
+    {
+        $this->expectException(RuntimeException::class);
+
+        $this->app['db']->escape(['a', 'b']);
+    }
 }
diff --git a/tests/Integration/Database/Sqlite/EscapeTest.php b/tests/Integration/Database/Sqlite/EscapeTest.php
index f642c6fe3363..bcf6c2f0d5c2 100644
--- a/tests/Integration/Database/Sqlite/EscapeTest.php
+++ b/tests/Integration/Database/Sqlite/EscapeTest.php
@@ -73,4 +73,11 @@ public function testEscapeStringNullByte()
 
         $this->app['db']->escape("I am hiding a \00 byte");
     }
+
+    public function testEscapeArray()
+    {
+        $this->expectException(RuntimeException::class);
+
+        $this->app['db']->escape(['a', 'b']);
+    }
 }