Index: openacs-4/packages/acs-tcl/tcl/test/db-proc-test-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/test/db-proc-test-procs.tcl,v
diff -u -r1.1.2.20 -r1.1.2.21
--- openacs-4/packages/acs-tcl/tcl/test/db-proc-test-procs.tcl	7 Feb 2022 10:20:11 -0000	1.1.2.20
+++ openacs-4/packages/acs-tcl/tcl/test/db-proc-test-procs.tcl	7 Feb 2022 12:13:57 -0000	1.1.2.21
@@ -30,6 +30,26 @@
     db_quoting {
         Try to break the db quoting by feeding weird stuff to it.
     } {
+
+        #
+        # Checking base essentials: PostgreSQL does not allow embedded
+        # NUL character.
+        #
+        set data "a\x00b"
+        aa_true "Attempting to sneak-in invalid data via bind values [ns_urlencode $data]" [catch {
+            db_string via_bindvar {select :data from dual}
+        }]
+
+        aa_true "Attempting to sneak-in invalid data via quoted value data [ns_urlencode $data]" [catch {
+            db_string via_dbquote [subst {select [ns_dbquotevalue $data] from dual}]
+        }]
+
+        #
+        # The following checks do not introduce anything new, but come
+        # from real-world intrusion detection ... although the tests
+        # look silly to me, since PostgreSQL ignores eveything after
+        # the NUL character.
+        #
         set strings {
             "I contain the null \u0000character"
             "\u0000"