Merge branch 'dev'

Author: Tamas Bolner

.github/workflows/php-windows.yml renamed to .github/workflows/php-windows.yml.nop

@@ -9,7 +9,7 @@
             "compilerPath": "/usr/bin/g++",
             "cStandard": "gnu11",
             "cppStandard": "gnu++11",
-            "intelliSenseMode": "clang-x64",
+            "intelliSenseMode": "gcc-x64",
             "compilerArgs": [
                 "-lssl"
             ]

.vscode/c_cpp_properties.json

@@ -123,6 +123,9 @@ foreach($result as $record) {
 }
 ```
 
+The returned values are always in string representation except the null, which
+is always returned as `null`.
+
 ## Example 2: Get execution stats
 
 ```php
@@ -163,26 +166,20 @@ $result = $connection->Query('
 ', [ "D'artagnan", 5.3 ]);
 ```
 
-The parameter types for prepared statements have to match
-the column types. See the below example. Never pass `null`,
-`true`, `false` values as strings.
+In MonetDB the placeholders of prepared statements have specific types.
+This library auto-converts some of PHP types to the corresponding MonetDB types.
 
-```php
-$result = $connection->Query('
-    update
-        "test"
-    set
-        "nullable_column" = ?
-    where
-        "bool_column" = ?
-        and "numeric_column" > ?
-        and "date_column" > ?
-        and "timestamp_column" < ?
-', [ null, false, 5.3, "2020-12-08", new DateTime()]);
-```
+| MonetDB type | Accepted PHP types | Value examples |
+| --- | --- | --- |
+| timestamp | `string`, `DateTime` | `"2020-12-20 11:14:26.123456"` |
+| date | `string`, `DateTime` | `"2020-12-20"` |
+| boolean | `boolean`, `string`, `integer` | `true`, `false`, `"true"`, `0`, `"0"`, `1`, `"t"`, `"f"`, `"yes"`, `"no"`, `"enabled"`, `"disabled"` |
+| Numeric values | `integer`, `float`, `string` | `12.34`, `"12.34"` (use string for huge numbers) |
+| Character types | `string` | `"Hello World!"` |
+| Binary | `string` | `"0f44ba12"` (always interpreted as hexadecimal) |
+| time | `string`, `DateTime` | `"11:28"`, `"12:28:34"` |
 
-While the `date` values have to be passed as normal strings, the
-`timestamp` type has be passed as a `DateTime` object.
+Always pass the null values as `null`, and not as a string.
 
 ## Example 4: Using escaping
 
@@ -351,7 +348,7 @@ $result3 = $connection3->Query("...");
 | --- | --- |
 | <strong>__construct</strong> | Create a new connection to a MonetDB database. <br><br><strong>@param</strong> <em>string</em> <strong>$host</strong> : The host of the database. Use '127.0.0.1' if the DB is on the same machine.<br><strong>@param</strong> <em>int</em> <strong>$port</strong> : The port of the database. For MonetDB this is usually 50000.<br><strong>@param</strong> <em>string</em> <strong>$user</strong> : The user name.<br><strong>@param</strong> <em>string</em> <strong>$password</strong> : The password of the user.<br><strong>@param</strong> <em>string</em> <strong>$database</strong> : The name of the database to connect to. Don't forget to release and start it.<br><strong>@param</strong> <em>string</em> <strong>$saltedHashAlgo</strong> <em>= "SHA1"</em> : Optional. The preferred hash algorithm to be used for exchanging the password. It has to be supported by both the server and PHP. This is only used for the salted hashing. Another stronger algorithm is used first (usually SHA512).<br><strong>@param</strong> <em>bool</em> <strong>$syncTimeZone</strong> <em>= true</em> : If true, then tells the clients time zone offset to the server, which will convert all timestamps is case there's a difference. If false, then the timestamps will end up on the server unmodified.<br><strong>@param</strong> <em>int</em> <strong>$maxReplySize</strong> <em>= 200</em> : The maximal number of tuples returned in a response. A higher value results in smaller number of memory allocations and string operations, but also in higher memory footprint. |
 | <strong>Close</strong> | Close the connection |
-| <strong>Query</strong> | Execute an SQL query and return its response. For 'select' queries the response can be iterated using a 'foreach' statement. You can pass an array as second parameter to execute the query as prepared statement, where the array contains the parameter values. SECURITY WARNING: For prepared statements in MonetDB, the parameter values are passed in a regular 'EXECUTE' command, using escaping. Therefore the same security considerations apply here as for using the Connection->Escape(...) method. Please read the comments for that method. <br><br><strong>@param</strong> <em>string</em> <strong>$sql</strong><br><strong>@param</strong> <em>array</em> <strong>$params</strong> <em>= null</em> : An optional array for prepared statement parameters. If not provided (or null), then a normal query is executed instead of a prepared statement. The parameter values will retain their PHP type if possible. The following values won't be converted to string: null, true, false and numeric values.<br><strong>@return</strong> <em>Response</em> |
+| <strong>Query</strong> | Execute an SQL query and return its response. For 'select' queries the response can be iterated using a 'foreach' statement. You can pass an array as second parameter to execute the query as prepared statement, where the array contains the parameter values. SECURITY WARNING: For prepared statements in MonetDB, the parameter values are passed in a regular 'EXECUTE' command, using escaping. Therefore the same security considerations apply here as for using the Connection->Escape(...) method. Please read the comments for that method. <br><br><strong>@param</strong> <em>string</em> <strong>$sql</strong><br><strong>@param</strong> <em>array</em> <strong>$params</strong> <em>= null</em> : An optional array for prepared statement parameters. If not provided (or null), then a normal query is executed instead of a prepared statement. The parameter values will be converted to the proper MonetDB type when possible. See the relevant section of README.md about parameterized queries for more details.<br><strong>@return</strong> <em>Response</em> |
 | <strong>QueryFirst</strong> | Execute an SQL query and return only the first row as an associative array. If there is more data on the stream, then discard all. Returns null if the query has empty result. You can pass an array as second parameter to execute the query as prepared statement, where the array contains the parameter values. <br><br><strong>@param</strong> <em>string</em> <strong>$sql</strong><br><strong>@param</strong> <em>array</em> <strong>$params</strong> <em>= null</em> : An optional array for prepared statement parameters. If not provided (or null), then a normal query is executed instead of a prepared statement. See the 'Query' method for more information about the parameter values.<br><strong>@return</strong> <em>string[] -or- null</em> |
 | <strong>Command</strong> | Send a 'command' to MonetDB. Commands are used for configuring the database, for example setting the maximal response size, or for requesting unread parts of a query response ('export').<br><br><strong>@param</strong> <em>string</em> <strong>$command</strong><br><strong>@param</strong> <em>bool</em> <strong>$noResponse</strong> <em>= true</em> : If true, then returns NULL and makes no read to the underlying socket.<br><strong>@return</strong> <em>Response -or- null</em> |
 | <strong>Escape</strong> | Escape a string value, to be inserted into a query, inside single quotes. The following characters are escaped by this method: backslash, single quote, carriage return, line feed, tabulator, null character, CTRL+Z. As a security measure this library forces the use of multi-byte support and UTF-8 encoding, which is also used by MonetDB, avoiding the SQL-injection attacks, which play with differences between character encodings. <br><br><strong>@param</strong> <em>string</em> <strong>$value</strong><br><strong>@return</strong> <em>string</em> |

README.md

@@ -509,7 +509,7 @@ Discussed in chapter [Data response](#521-data-response---1).
 Error responses start with an exclamation mark `!`, followed by an error code, then a text
 message after a second exclamation mark. When the server returns an error message,
 then it clears the complete session state (forgets everything, including prepared
-statements and active queries).
+statements and active queries) and closes the connection.
 
 Examples:
 

protocol_doc/README.md

@@ -325,9 +325,9 @@ private function Write(string $msg)
      * @param string $sql
      * @param array|null $params An optional array for prepared statement parameters.
      * If not provided (or null), then a normal query is executed instead of
-     * a prepared statement. The parameter values will retain their PHP type if
-     * possible. The following values won't be converted to string: null, true, false
-     * and numeric values.
+     * a prepared statement. The parameter values will be converted to the proper
+     * MonetDB type when possible. See the relevant section of README.md about
+     * parameterized queries for more details.
      * @return Response
      */
     public function Query(string $sql, array $params = null): Response
@@ -456,20 +456,42 @@ function($match) {
      * @param array $params
      */
     private function WritePreparedStatement(string $sql, array $params) {
-        $queryHash = hash('sha256', $sql);
+        $params = array_values($params);
 
-        if (!isset($this->preparedStatements[$queryHash])) {
+        if (!isset($this->preparedStatements[$sql])) {
             $this->Write("sPREPARE ".rtrim($sql, "\r\n\t ;")."\n;");
             $response = $this->inputStream->ReceiveResponse();
             $stats = $response->GetStatusRecords()[0];
-            $this->preparedStatements[$queryHash] = $stats->GetPreparedStatementID();
+            $paramTypes = [];
+
+            foreach($response as $row) {
+                if ($row['column'] === null) {
+                    $paramTypes[] = $row['type'];
+                }
+            }
+
+            if (count($paramTypes) < 1) {
+                throw new MonetException("The SQL statement has no placeholders (like '?') for parameters.");
+            }
+
+            $this->preparedStatements[$sql] = [
+                $stats->GetPreparedStatementID(),
+                $paramTypes
+            ];
 
             $response->Discard();
         }
 
-        $id = $this->preparedStatements[$queryHash];
+        list($id, $paramTypes) = $this->preparedStatements[$sql];
+
+        if (count($params) != count($paramTypes)) {
+            throw new MonetException("The number of placeholders in the SQL statement is not the same as the number of passed parameters.");
+        }
+
         $escaped = [];
-        foreach($params as $param) {
+        foreach($params as $index => $param) {
+            $type = $paramTypes[$index];
+
             if ($param === null) {
                 $escaped[] = "NULL";
             }
@@ -479,18 +501,75 @@ private function WritePreparedStatement(string $sql, array $params) {
             else if ($param === false) {
                 $escaped[] = "false";
             }
-            elseif (is_numeric($param) && !is_string($param)) {
-                $escaped[] = $param + 0;
+            elseif (is_string($param)) {
+                if (in_array($type, ['char', 'varchar', 'clob'])) {
+                    $escaped[] = "'".$this->Escape($param)."'";
+                }
+                else if ($type == "hugeint" || $type == "decimal") {
+                    $escaped[] = preg_replace('/[^0-9\.\+\-ex]/i', '', $param);
+                }
+                else if ($type == "timestamp") {
+                    $escaped[] = "TIMESTAMP '".$this->Escape($param)."'";
+                }
+                else if ($type == "int" || $type == "bigint") {
+                    $escaped[] = (string)((int)$param);
+                }
+                else if ($type == "double" || $type == "real") {
+                    $escaped[] = (string)((float)$param);
+                }
+                else if ($type == "blob") {
+                    $escaped[] = "x'".preg_replace('/[^0-9a-f]/i', '', $param)."'";
+                }
+                else if ($type == "boolean") {
+                    $lower = strtolower($param);
+                    if (in_array($lower, ['1', 'true', 'yes', 't', 'enabled'])) {
+                        $escaped[] = "true";
+                    } else if (in_array($lower, ['0', 'false', 'no', 'f', 'disabled'])) {
+                        $escaped[] = "false";
+                    } else {
+                        throw new MonetException("Invalid value passed for parameter '".($index + 1).
+                            "': Expected boolean, received: {$param}");
+                    }
+                }
+                else if ($type == "time") {
+                    $escaped[] = "time '".preg_replace('/[^0-9\:]/i', '', $param)."'";
+                }
+                else {
+                    $escaped[] = "'".$this->Escape($param)."'";
+                }
+            }
+            elseif (is_float($param) || is_integer($param)) {
+                if ($type == "boolean") {
+                    if ($param == 0) {
+                        $escaped[] = "false";
+                    } else {
+                        $escaped[] = "true";
+                    }
+                } else {
+                    $escaped[] = (string)$param;
+                }
             }
             elseif ($param instanceof DateTime) {
-                $escaped[] = "TIMESTAMP '".$param->format("Y-m-d H:i:s.u")."'";
+                if ($type == "date") {
+                    $escaped[] = "'".$param->format("Y-m-d")."'";
+                } else if ($type == "timestamp") {
+                    $escaped[] = "TIMESTAMP '".$param->format("Y-m-d H:i:s.u")."'";
+                } else if ($type == "time") {
+                    $escaped[] = "time '".$param->format("H:i:s")."'";
+                }
             }
             else {
-                $escaped[] = "'".$this->Escape((string)$param)."'";
+                $gotType = gettype($param);
+                if ($gotType == "object") {
+                    $gotType = get_class($param);
+                }
+
+                throw new MonetException("Parameter ".($index + 1)." has invalid PHP type: '{$gotType}'. "
+                    ."(Expected SQL type: '{$type}'.)");
             }
         }
 
-        $this->Write("sEXECUTE {$id}(".implode(",", $escaped).");");
+        $this->Write("sEXECUTE {$id}(".implode(", ", $escaped).");");
     }
 
     /**

src/Connection.php

@@ -17,8 +17,6 @@
 
 namespace MonetDB;
 
-use Exception;
-
 /**
  * This class represents a response for an SQL query
  * or for a command.
@@ -224,7 +222,7 @@ private function Parse() {
                 return;
             }
             else if ($first == InputStream::MSG_QUERY) {
-                if ($second == InputStream::Q_TABLE) {
+                if ($second == InputStream::Q_TABLE || $second == InputStream::Q_PREPARE) {
                     $status = new StatusRecord($second, $this->currentLine);
                     $this->statusRecords[] = $status;
                     $this->ignoreTuples = false;
@@ -298,14 +296,7 @@ private function Parse() {
 
                     continue;
                 }
-                else if ($second == InputStream::Q_PREPARE) {
-                    /*
-                        It returns some meaningless dataset when created. Skip that.
-                    */
-                    $this->statusRecords[] = new StatusRecord($second, $this->currentLine);
-                    $this->Discard();
-                    return;
-                } else {
+                else {
                     $this->statusRecords[] = new StatusRecord($second, $this->currentLine);
                     continue;
                 }

src/Response.php

@@ -8,31 +8,31 @@ final class dec38Test extends TestCase {
     /**
      * @var Connection
      */
-    public $conn;
+    public static $conn;
 
-    public function setUp(): void
+    public static function setUpBeforeClass(): void
     {
-        $this->conn = new Connection("127.0.0.1", 50000, "monetdb", "monetdb", "myDatabase");
+        self::$conn = new Connection("127.0.0.1", 50000, "monetdb", "monetdb", "myDatabase");
     }
 
     public function testBigIntTable(): void 
     {
-        $this->conn->Query("drop table if exists php_dec38");
-        $res = $this->conn->Query("CREATE TABLE php_dec38 (d38_0 DECIMAL(38,0), d38_19 DECIMAL(38,19), d38_38 DECIMAL(38,38));");
+        self::$conn->Query("drop table if exists php_dec38");
+        $res = self::$conn->Query("CREATE TABLE php_dec38 (d38_0 DECIMAL(38,0), d38_19 DECIMAL(38,19), d38_38 DECIMAL(38,38));");
 
         $this->assertCount(0, $res);
     }
 
     public function testInsertBigInt(): void 
     {
-        $res = $this->conn->Query("INSERT INTO php_dec38 VALUES (12345678901234567899876543210987654321, 1234567890123456789.9876543210987654321, .12345678901234567899876543210987654321);");
+        $res = self::$conn->Query("INSERT INTO php_dec38 VALUES (12345678901234567899876543210987654321, 1234567890123456789.9876543210987654321, .12345678901234567899876543210987654321);");
 
         $this->assertCount(0, $res);
     }
 
     public function testSelectBigInt(): void 
     {
-        $res = $this->conn->QueryFirst("SELECT * FROM php_dec38");
+        $res = self::$conn->QueryFirst("SELECT * FROM php_dec38");
 
         $this->assertEquals($res["d38_0"], "12345678901234567899876543210987654321");
         $this->assertEquals($res["d38_19"], "1234567890123456789.9876543210987654321");

tests/dec38Test.php

@@ -9,38 +9,38 @@ final class int128Test extends TestCase {
     /**
      * @var Connection
      */
-    public $conn;
+    public static $conn;
 
-    public function setUp(): void
+    public static function setUpBeforeClass(): void
     {
-        $this->conn = new Connection("127.0.0.1", 50000, "monetdb", "monetdb", "myDatabase");
+        self::$conn = new Connection("127.0.0.1", 50000, "monetdb", "monetdb", "myDatabase");
     }
 
     public function testStartTransaction(): void 
     {
-        $res = $this->conn->Query("START TRANSACTION");
+        $res = self::$conn->Query("START TRANSACTION");
 
         $this->assertCount(0, $res);
     }
 
     public function testBigIntTable(): void 
     {
-        $this->conn->Query("drop table if exists php_int128");
-        $res = $this->conn->Query("CREATE TABLE php_int128 (i HUGEINT);");
+        self::$conn->Query("drop table if exists php_int128");
+        $res = self::$conn->Query("CREATE TABLE php_int128 (i HUGEINT);");
 
         $this->assertCount(0, $res);
     }
 
     public function testInsertBigInt(): void 
     {
-        $res = $this->conn->Query("INSERT INTO php_int128 VALUES (123456789098765432101234567890987654321);");
+        $res = self::$conn->Query("INSERT INTO php_int128 VALUES (123456789098765432101234567890987654321);");
 
         $this->assertCount(0, $res);
     }
 
     public function testSelectBigInt(): void 
     {
-        $res = $this->conn->QueryFirst("SELECT * FROM php_int128");
+        $res = self::$conn->QueryFirst("SELECT * FROM php_int128");
 
         $this->assertEquals($res["i"], "123456789098765432101234567890987654321");
     }