staabm / phpstan-dba

PHPStan based SQL static analysis and type inference for the database access layer
https://staabm.github.io/archive.html#phpstan-dba
MIT License
250 stars, 17 forks

Use proper sql parser #123

Open staabm opened 2 years ago

staabm commented 2 years ago

Related problems

https://github.com/phpmyadmin/sql-parser

https://github.com/greenlion/PHP-SQL-Parser

craigfrancis commented 2 years ago

Might be worth looking at the PDO function that parses parameters, to see how it works.

It seems to use pdo_parse_params(), which is a bit more complicated than using the BINDCHR regex by itself (used later as PDO_PARSER_BIND).

It supports escaped question marks (??), comments (/* What about X? */ or -- To fix?), and quoted string values (see ANYNOEOF?).

staabm commented 2 years ago

Would be great if you could provide failing test cases if you have special cases in mind

craigfrancis commented 2 years ago

I don't have any real examples, but how about?

staabm commented 2 years ago

> I don't have any real examples, but how about?
>
> * `SELECT * FROM cmsdomain WHERE url LIKE "%?%";`
> * `SELECT * FROM cmsdomain WHERE url LIKE "%:tag_name%";`
> * `SELECT * FROM cmsdomain WHERE cmsdomainid IN (1,2) /* What about 3? */`
> * `SELECT * FROM cmsdomain WHERE 1=2; -- :TODO?`

these basic examples are now covered by https://github.com/staabm/phpstan-dba/pull/145

Still, in the long run we might be better off using a SQL parser. Let's see whether people report problems with their queries when running phpstan-dba on real projects.
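The cases above (`?` inside a quoted string, `:name` inside a quoted string, a `?` in a block comment, a `:name` and `?` in a line comment, plus the `??` escape that PDO's `pdo_parse_params` honours) are exactly what a bare placeholder regex gets wrong. The scanner below is an added illustration written for this page, not code from phpstan-dba or from PHP's PDO; it walks the query once, skips string literals and comments, treats `??` as a literal question mark and `::` as a cast rather than a named parameter, and is compared against a naive regex on the constructed queries from the thread. Quoting rules follow MySQL's defaults (backslash escapes and doubled quotes inside `'`, `"` and backtick literals), which is an assumption of the example.

```python
import re

# Naive approach: find every ? and :name regardless of context.
NAIVE = re.compile(r"\?|:[A-Za-z_][A-Za-z0-9_]*")

# Named placeholder, matched only from SQL code positions.
NAMED = re.compile(r":[A-Za-z_][A-Za-z0-9_]*")


def naive_placeholders(sql: str) -> list:
    """What a BINDCHR-style regex on its own reports (false positives included)."""
    return NAIVE.findall(sql)


def find_placeholders(sql: str) -> list:
    """Return [(offset, token)] for ? and :name that appear in SQL code,
    skipping string literals, comments, the ?? escape and :: casts."""
    found = []
    i, n = 0, len(sql)
    while i < n:
        c = sql[i]
        if c in ("'", '"', "`"):
            # Quoted literal (MySQL-style assumption): backslash escapes in
            # ' and ", a doubled quote char in all three, until the closing quote.
            q = c
            i += 1
            while i < n:
                if sql[i] == "\\" and q != "`":
                    i += 2
                    continue
                if sql[i] == q:
                    if i + 1 < n and sql[i + 1] == q:
                        i += 2
                        continue
                    i += 1
                    break
                i += 1
            continue
        if sql.startswith("/*", i):
            end = sql.find("*/", i + 2)
            i = n if end < 0 else end + 2
            continue
        # MySQL line comments: "-- " (dash dash then whitespace or EOF) or "#".
        if (sql.startswith("--", i) and (i + 2 >= n or sql[i + 2].isspace())) or c == "#":
            end = sql.find("\n", i)
            i = n if end < 0 else end + 1
            continue
        if c == "?":
            if i + 1 < n and sql[i + 1] == "?":
                i += 2  # ?? is an escaped literal question mark, not a placeholder
                continue
            found.append((i, "?"))
            i += 1
            continue
        if c == ":":
            if i + 1 < n and sql[i + 1] == ":":
                i += 2  # :: is a cast (PostgreSQL), not a named parameter
                continue
            m = NAMED.match(sql, i)
            if m:
                found.append((i, m.group(0)))
                i = m.end()
                continue
        i += 1
    return found


def placeholder_tokens(sql: str) -> list:
    """Just the placeholder tokens, in query order."""
    return [tok for _, tok in find_placeholders(sql)]


# Constructed sample queries: the four from the issue plus one with real placeholders.
SAMPLES = [
    'SELECT * FROM cmsdomain WHERE url LIKE "%?%";',
    'SELECT * FROM cmsdomain WHERE url LIKE "%:tag_name%";',
    "SELECT * FROM cmsdomain WHERE cmsdomainid IN (1,2) /* What about 3? */",
    "SELECT * FROM cmsdomain WHERE 1=2; -- :TODO?",
    "SELECT * FROM t WHERE a = ? AND b = :name AND c LIKE '%??%' /* ? */ -- :x\n AND d = ?? AND e = f::int",
]

if __name__ == "__main__":
    for q in SAMPLES:
        print(repr(q))
        print("  naive  :", naive_placeholders(q))
        print("  scanned:", placeholder_tokens(q))
```

The first four samples should yield no placeholders at all; only the fifth binds anything (`?` and `:name`), while the naive regex reports a phantom parameter in every query. A full SQL parser would additionally know which expression each placeholder feeds, which is the type-inference gap this issue is about; a tokenizer like this only fixes the false positives.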

staabm commented 2 years ago

On Twitter the SQLFTW/sqlftw project was suggested as a proper parser.