Idea: Create plugins which will type check SQL operations

[TysonAndre]

http://php.net/manual/en/pdo.exec.php

E.g. for $count = $dbh->exec("SELECT rating, name FROM fruit");

• Phan should infer int for exec("DELETE ...")
• Phan should parse that the type is array<int,array{name:mixed, rating:mixed}>
• Phan should also look up constant access such as $dbh->exec(self::_sql_select)
• This depends on the availability of good SQL AST parsing libraries. I see tokenizing libraries, but not AST generation. Maybe heuristics would help (e.g. just SELECT ... WHERE)
• Unable to check many stored procedures
• Can also warn about using dynamic string concatentation.

[TysonAndre]

https://github.com/phpmyadmin/sql-parser

[TysonAndre]

https://github.com/TysonAndre/PhanSQLPlugin is a WIP

Using Phan's @template support to override getRows() or addBindVars may be useful.

https://secure.php.net/manual/en/mysqli-stmt.bind-param.php and https://secure.php.net/manual/en/mysqli-stmt.bind-result.php may be possible to analyze.

Haven't investigated what the most common approach is (Symfony? ORMs?)