greenlion / PHP-SQL-Parser

A pure PHP SQL (non validating) parser w/ focus on MySQL dialect of SQL
BSD 3-Clause "New" or "Revised" License

Parser fails when string contains `'` followed by `--` #354

Open carlomanf opened 2 years ago

carlomanf commented 2 years ago

The v4.4.0 parser gives incorrect results when a string contains an escaped ' character followed by the -- character sequence later in the string.

With the last two examples below, the where clause does not get parsed.

```php
// Class lives in the PHPSQLParser namespace in the 4.x releases.
use PHPSQLParser\PHPSQLParser;

$parser = new PHPSQLParser();
$parser->parse('update table1 set col1 = \'\\\'\' where col2 = 1');      // works
$parser->parse('update table1 set col1 = \'--\' where col2 = 1');        // works
$parser->parse('update table1 set col1 = \'--\\\'\' where col2 = 1');    // works
$parser->parse('update table1 set col1 = \'\\\'--\' where col2 = 1');    // does not work
$parser->parse('update table1 set col1 = \'a\\\'b--c\' where col2 = 1'); // does not work
```

What happens to the where clause:

```
array(3) {
    ["expr_type"]=>
    string(5) "const"
    ["base_expr"]=>
    string(21) "'\'--' where col2 = 1"
    ["sub_tree"]=>
    bool(false)
}
array(3) {
    ["expr_type"]=>
    string(5) "const"
    ["base_expr"]=>
    string(24) "'a\'b--c' where col2 = 1"
    ["sub_tree"]=>
    bool(false)
}
```
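For comparison with the report above, this added example (not part of the issue and not PHP-SQL-Parser code, and making no claim about where the library's bug lies) scans the five statements so that `--` is treated as a comment opener only outside a quoted literal. `scanSql` is a hypothetical helper; it assumes MySQL defaults, where backslash escapes are active and `--` starts a comment only when followed by whitespace or end of input.

```php
<?php
// Added illustration, not PHP-SQL-Parser code. Assumes MySQL defaults: backslash
// escapes active; "--" opens a comment only before whitespace or end of input.
function scanSql(string $sql): array
{
    $chunks = [];
    $n = strlen($sql);
    for ($i = 0; $i < $n; $i = $j) {
        $c = $sql[$i];
        $j = $i + 1;
        if ($c === "'" || $c === '"') {
            // Literal: run to the closing quote before looking at anything else.
            $type = 'string';
            while ($j < $n && ($sql[$j] !== $c || ($sql[$j + 1] ?? '') === $c)) {
                // A backslash pair or a doubled quote takes two bytes, anything else one.
                $j += ($sql[$j] === '\\' || $sql[$j] === $c) ? 2 : 1;
            }
            $j = min($j + 1, $n);
        } elseif (substr($sql, $i, 2) === '--' && ($i + 2 >= $n || ctype_space($sql[$i + 2]))) {
            // Comment: recognised only here, outside any literal.
            $type = 'comment';
            $eol = strpos($sql, "\n", $i);
            $j = $eol === false ? $n : $eol;
        } else {
            // Plain SQL text up to the next quote or dash.
            $type = 'code';
            $j += strcspn($sql, "'\"-", $j);
        }
        $chunks[] = ['type' => $type, 'text' => substr($sql, $i, $j - $i)];
    }
    return $chunks;
}

// The five statements from the report, copied as the same PHP literals.
$cases = [
    'update table1 set col1 = \'\\\'\' where col2 = 1',
    'update table1 set col1 = \'--\' where col2 = 1',
    'update table1 set col1 = \'--\\\'\' where col2 = 1',
    'update table1 set col1 = \'\\\'--\' where col2 = 1',
    'update table1 set col1 = \'a\\\'b--c\' where col2 = 1',
];
foreach ($cases as $sql) {
    $parts = ['string' => '', 'code' => '', 'comment' => ''];
    foreach (scanSql($sql) as $chunk) {
        $parts[$chunk['type']] .= $chunk['text'];
    }
    printf("%-10s | %s\n", $parts['string'], $parts['code']);
}
```

Each output row shows the string literal on the left and the remaining SQL on the right; in all five cases `where col2 = 1` stays outside the literal and no comment chunk is produced.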