From 3c948b1f5a9e3a9ca7a9d382c5d638752bee009b Mon Sep 17 00:00:00 2001
From: Daniel Kukula
Date: Tue, 29 Oct 2024 19:07:05 +0100
Subject: [PATCH] update tests
---
 test/query_test.exs | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/test/query_test.exs b/test/query_test.exs
index 65b11fe2..3f59bfc9 100644
--- a/test/query_test.exs
+++ b/test/query_test.exs
@@ -1851,12 +1851,17 @@ defmodule QueryTest do
 assert [["1", "2"], ["3", "4"]] = query("COPY (VALUES (1, 2), (3, 4)) TO STDOUT", [], opts)
 end
- test "comment", context do
+ test "comment is not interfering with the query", context do
 assert [[123]] = query("select 123", [], comment: "query comment goes here")
- assert [[123]] = query("select 123", [], comment: "query comment goes here;")
- %Postgrex.Error{postgres: error} = query("select 123", [], comment: "*/ select 456 --")
+ assert [[123]] = query("select 123;", [], comment: "query comment goes here")
+ end
+ test "comment does not allow for sql injection", context do
+ %Postgrex.Error{postgres: error} = query("select 123", [], comment: "*/ select 456 --")
 assert error.message =~ "cannot insert multiple commands into a prepared statement"
+
+ %Postgrex.Error{postgres: error} = query("select 123", [], comment: "*/ where false --")
+ assert error.message =~ ~s'syntax error at or near "where"'
 end
 @tag :big_binary
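Review bot: Both checks in "comment does not allow for sql injection" pass only because PostgreSQL refused the resulting statement, so the text after `*/` in the `:comment` option evidently reached the server's parser as SQL instead of staying inside the comment. The test therefore pins two strings the server happens to reject rather than a property of the driver. The code that builds the commented statement is outside this patch, but unless it already rejects or neutralises `*/`, a test that expects the call to fail before anything is sent would be the stronger guard. The `error.message` matches also depend on the server's wording, and the bare match raises a MatchError instead of an assertion diff; prefer `assert %Postgrex.Error{postgres: error} = query("select 123", [], comment: "*/ select 456 --")`. The removed case with a semicolon inside the comment (`comment: "query comment goes here;"`) has no replacement here.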