phpstan-dba icon indicating copy to clipboard operation
phpstan-dba copied to clipboard

Published 20 hours ago verified publisher icon staabm

Use proper sql parser

Open staabm opened this issue 3 years ago • 5 comments

Related problems

  • [x] https://github.com/staabm/phpstan-dba/issues/106#issuecomment-1014785550
  • [x] https://github.com/staabm/phpstan-dba/issues/122
  • [ ] https://github.com/staabm/phpstan-dba/blob/cac63a658c777715037f6e9a987df3a96b847328/src/QueryReflection/QuerySimulation.php#L87-L92
  • [ ] make test of https://github.com/staabm/phpstan-dba/pull/153 pass, without non-SELECT optout workaround
  • [ ] https://github.com/staabm/phpstan-dba/pull/172
  • [x] https://github.com/staabm/phpstan-dba/issues/175
  • [x] https://github.com/staabm/phpstan-dba/pull/244
  • [x] https://github.com/staabm/phpstan-dba/issues/248
  • [ ] https://github.com/staabm/phpstan-dba/pull/65
  • [x] https://github.com/staabm/phpstan-dba/issues/279
  • [ ] https://github.com/staabm/phpstan-dba/issues/292
  • [ ] https://github.com/staabm/phpstan-dba/issues/297
  • [x] https://github.com/staabm/phpstan-dba/issues/309

https://github.com/phpmyadmin/sql-parser

https://github.com/greenlion/PHP-SQL-Parser

staabm avatar Jan 17 '22 18:01 staabm

Might be worth looking at the PDO function that parses parameters, to see how it works.

It seems to use pdo_parse_params(), which is a bit more complicated than using the BINDCHR regex by itself (used later as PDO_PARSER_BIND).

It supports escaped question marks (??), comments (/* What about X? */ or -- To fix?), and quoted string values (see ANYNOEOF?).

craigfrancis avatar Jan 17 '22 18:01 craigfrancis

Would be great if you could provide failling testcases if you have special cases in mind

staabm avatar Jan 17 '22 18:01 staabm

I don't have any real examples, but how about?

  • SELECT * FROM cmsdomain WHERE url LIKE "%?%";
  • SELECT * FROM cmsdomain WHERE url LIKE "%:tag_name%";
  • SELECT * FROM cmsdomain WHERE cmsdomainid IN (1,2) /* What about 3? */
  • SELECT * FROM cmsdomain WHERE 1=2; -- :TODO?

craigfrancis avatar Jan 17 '22 18:01 craigfrancis

I don't have any real examples, but how about?

* `SELECT * FROM cmsdomain WHERE url LIKE "%?%";`

* `SELECT * FROM cmsdomain WHERE url LIKE "%:tag_name%";`

* `SELECT * FROM cmsdomain WHERE cmsdomainid IN (1,2) /* What about 3? */`

* `SELECT * FROM cmsdomain WHERE 1=2; -- :TODO?`

these basic examples are now covered by https://github.com/staabm/phpstan-dba/pull/145

still on the long run we might better use a sql parser. lets see whether people report problems with their queries when running phpstan-dba on real projects

staabm avatar Jan 19 '22 12:01 staabm

on twitter the SQLFTW/sqlftw project was suggested as a proper parser

staabm avatar Aug 26 '22 10:08 staabm