Improved query splitter to handle semicolons in quoted blocks

intuibase · intuibase · commit d6194b5f4f18 · 2025-01-13T16:12:57.000+01:00
diff --git a/src/Instrumentation/MySqli/src/MySqliTracker.php b/src/Instrumentation/MySqli/src/MySqliTracker.php
@@ -171,13 +171,22 @@ private function splitQueries(string $sql)
         $blockDepth = 0;
         $tokens = preg_split('/(;)/', $sql, -1, PREG_SPLIT_DELIM_CAPTURE); // Keep semicolons as separate tokens
 
+        $singleQuotes = 0;
+        $doubleQuotes = 0;
+
         foreach ($tokens as $token) {
             if ($token === '') {
                 continue;
             }
 
-            if ($blockDepth === 0) {
-                $token = trim($token);
+            $tokenLen = strlen($token);
+            for ($i = 0; $i < $tokenLen; $i++) {
+                if ($token[$i] == "'" && ($token[$i - 1] ?? false) !== '\\') {
+                    $singleQuotes++;
+                }
+                if ($token[$i] == '"' && ($token[$i - 1] ?? false) !== '\\') {
+                    $doubleQuotes++;
+                }
             }
 
             $buffer .= $token;
@@ -192,13 +201,20 @@ private function splitQueries(string $sql)
                 $blockDepth--;
             }
 
+            // we're somewhere inside qoutes
+            if (($singleQuotes % 2) != 0 || ($doubleQuotes % 2) != 0) {
+                continue;
+            }
+
             // If we are outside a block and encounter a semicolon, split the query
             if ($blockDepth === 0 && $token === ';') {
                 $trimmedQuery = trim($buffer);
                 if ($trimmedQuery !== ';') { // Ignore empty queries
                     $queries[] = $trimmedQuery;
                 }
                 $buffer = '';
+                $singleQuotes = 0;
+                $doubleQuotes = 0;
             }
         }
 
diff --git a/src/Instrumentation/MySqli/tests/Integration/MySqliInstrumentationTest.php b/src/Instrumentation/MySqli/tests/Integration/MySqliInstrumentationTest.php
@@ -1374,7 +1374,6 @@ public function test_mysqli_select_db(): void
             ]);
         }
 
-
         mysqli_select_db($mysqli, $this->database);
 
         $res = $mysqli->query('SELECT * FROM users;');
diff --git a/src/Instrumentation/MySqli/tests/Integration/MySqliTrackerTest.php b/src/Instrumentation/MySqli/tests/Integration/MySqliTrackerTest.php
@@ -55,6 +55,28 @@ public function test_split_queries_whitespaces(): void
         $this->assertEquals($expected, $result);
     }
 
+    public function test_split_queries_with_binding(): void
+    {
+        $query = '
+            INSERT INTO `tableA` (columnA) VALUES (\'hello; world\'); SELECT LAST_INSERT_ID();
+            INSERT INTO `tableA` (columnA) VALUES (?); SELECT LAST_INSERT_ID();
+            INSERT INTO `tableA` (columnA) VALUES (\'hel\\\'lo; \\"world\'); SELECT LAST_INSERT_ID();
+        ';
+
+        $result = $this->splitQueries->invoke($this->tracker, $query);
+
+        $expected = [
+            "INSERT INTO `tableA` (columnA) VALUES ('hello; world');",
+            'SELECT LAST_INSERT_ID();',
+            'INSERT INTO `tableA` (columnA) VALUES (?);',
+            'SELECT LAST_INSERT_ID();',
+            "INSERT INTO `tableA` (columnA) VALUES ('hel\'lo; \\\"world');",
+            'SELECT LAST_INSERT_ID();',
+        ];
+
+        $this->assertEquals($expected, $result);
+    }
+
     public function test_split_queries_with_begin_end(): void
     {
         $query = "

Original file line number	Diff line number	Diff line change
`@@ -1374,7 +1374,6 @@ public function test_mysqli_select_db(): void`
`1374`	`1374`	`]);`
`1375`	`1375`	`}`
`1376`	`1376`
`1377`		`-`
`1378`	`1377`	`mysqli_select_db($mysqli, $this->database);`
`1379`	`1378`
`1380`	`1379`	`$res = $mysqli->query('SELECT * FROM users;');`