Skip to content

Commit

Permalink
Merge pull request #113 from avit/master
Browse files Browse the repository at this point in the history
Fixed SQL placeholder parsing
  • Loading branch information
guilhermeblanco committed Jan 17, 2013
2 parents 328d8a5 + 153b752 commit f8604e1
Show file tree
Hide file tree
Showing 2 changed files with 43 additions and 18 deletions.
53 changes: 35 additions & 18 deletions lib/Doctrine/DBAL/SQLParserUtils.php
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,13 @@
*/
class SQLParserUtils
{
const POSITIONAL_TOKEN = '\?';
const NAMED_TOKEN = ':[a-zA-Z_][a-zA-Z0-9_]*';

// Quote characters within string literals can be preceded by a backslash.
const ESCAPED_SINGLE_QUOTED_TEXT = "'(?:[^'\\\\]|\\\\'|\\\\\\\\)*'";
const ESCAPED_DOUBLE_QUOTED_TEXT = '"(?:[^"\\\\]|\\\\"|\\\\\\\\)*"';

/**
* Get an array of the placeholders in an sql statements as keys and their positions in the query string.
*
Expand All @@ -49,27 +56,18 @@ static public function getPlaceholderPositions($statement, $isPositional = true)
return array();
}

$count = 0;
$inLiteral = false; // a valid query never starts with quotes
$stmtLen = strlen($statement);
$token = ($isPositional) ? self::POSITIONAL_TOKEN : self::NAMED_TOKEN;
$paramMap = array();
for ($i = 0; $i < $stmtLen; $i++) {
if ($statement[$i] == $match && !$inLiteral && ($isPositional || $statement[$i+1] != '=')) {
// real positional parameter detected

foreach (self::getUnquotedStatementFragments($statement) as $fragment) {
preg_match_all("/$token/", $fragment[0], $matches, PREG_OFFSET_CAPTURE);
foreach ($matches[0] as $placeholder) {
if ($isPositional) {
$paramMap[$count] = $i;
$paramMap[] = $placeholder[1] + $fragment[1];
} else {
$name = "";
// TODO: Something faster/better to match this than regex?
for ($j = $i + 1; ($j < $stmtLen && preg_match('(([a-zA-Z0-9_]{1}))', $statement[$j])); $j++) {
$name .= $statement[$j];
}
$paramMap[$i] = $name; // named parameters can be duplicated!
$i = $j;
$pos = $placeholder[1] + $fragment[1];
$paramMap[$pos] = substr($placeholder[0], 1, strlen($placeholder[0]));
}
++$count;
} else if ($statement[$i] == "'" || $statement[$i] == '"') {
$inLiteral = ! $inLiteral; // switch state!
}
}

Expand Down Expand Up @@ -180,4 +178,23 @@ static public function expandListParameters($query, $params, $types)

return array($query, $paramsOrd, $typesOrd);
}
}

/**
* Slice the SQL statement around pairs of quotes and
* return string fragments of SQL outside of quoted literals.
* Each fragment is captured as a 2-element array:
*
* 0 => matched fragment string,
* 1 => offset of fragment in $statement
*
* @param string $statement
* @return array
*/
static private function getUnquotedStatementFragments($statement)
{
$literal = self::ESCAPED_SINGLE_QUOTED_TEXT . '|' . self::ESCAPED_DOUBLE_QUOTED_TEXT;
preg_match_all("/([^'\"]+)(?:$literal)?/s", $statement, $fragments, PREG_OFFSET_CAPTURE);

return $fragments[1];
}
}
8 changes: 8 additions & 0 deletions tests/Doctrine/Tests/DBAL/SQLParserUtilsTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,13 @@ static public function dataGetPlaceholderPositions()
array("SELECT '?' FROM foo", true, array()),
array('SELECT "?" FROM foo WHERE bar = ?', true, array(32)),
array("SELECT '?' FROM foo WHERE bar = ?", true, array(32)),
array(
<<<'SQLDATA'
SELECT * FROM foo WHERE bar = 'it\'s a trap? \\' OR bar = ?
AND baz = "\"quote\" me on it? \\" OR baz = ?
SQLDATA
, true, array(58, 104)
),

// named
array('SELECT :foo FROM :bar', false, array(7 => 'foo', 17 => 'bar')),
Expand All @@ -37,6 +44,7 @@ static public function dataGetPlaceholderPositions()
array('SELECT :foo_id', false, array(7 => 'foo_id')), // Ticket DBAL-231
array('SELECT @rank := 1', false, array()), // Ticket DBAL-398
array('SELECT @rank := 1 AS rank, :foo AS foo FROM :bar', false, array(27 => 'foo', 44 => 'bar')), // Ticket DBAL-398
array('SELECT * FROM Foo WHERE bar > :start_date AND baz > :start_date', false, array(30 => 'start_date', 52 => 'start_date')) // Ticket GH-113
);
}

Expand Down

0 comments on commit f8604e1

Please sign in to comment.