detect syntax errors in PDO->prepare() (#35)

staabm · clxmstaab · web-flow · commit 09be3ee464e0 · 2022-01-07T08:49:29.000+01:00
Co-authored-by: Markus Staab &lt;m.staab@complex-it.de&gt;
diff --git a/README.md b/README.md
@@ -5,6 +5,7 @@ This extension provides following features:
 * `PDO->query` knows the array shape of the returned results and therefore can return a generic `PDOStatement`
 * `mysqli->query` knows the array shape of the returned results and therefore can return a generic `mysqli_result`
 * `SyntaxErrorInQueryMethodRule` can inspect sql queries and detect syntax errors - `SyntaxErrorInQueryFunctionRule` can do the same for functions
+  * builtin is query syntax error detection for `mysqli_query`, `mysqli->query`, `PDO->query` and `PDO->prepare`
 * `mysqli_real_escape_string` and `mysqli->real_escape_string` dynamic return type extensions
 * `pdo->quote` dynamic return type extension
 
diff --git a/config/dba.neon b/config/dba.neon
@@ -9,6 +9,7 @@ services:
 		arguments:
 			classMethods:
 				- 'PDO::query#0'
+				- 'PDO::prepare#0'
 				- 'mysqli::query#0'
 
 	-
diff --git a/tests/SyntaxErrorInQueryMethodRuleTest.php b/tests/SyntaxErrorInQueryMethodRuleTest.php
@@ -49,6 +49,10 @@ public function testSyntaxErrorInQueryRule(): void
                 "Query error: Table 'phpstan_dba.unknownTable' doesn't exist (1146).",
                 41,
             ],
+            [
+                "Query error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'freigabe1u1 FROM ada LIMIT 0' at line 1 (1064).",
+                75,
+            ],
         ]);
     }
 }
diff --git a/tests/data/syntax-error-in-query.php b/tests/data/syntax-error-in-query.php
@@ -6,7 +6,7 @@
 
 class Foo
 {
-    public function syntaxErrorPdo(PDO $pdo)
+    public function syntaxErrorPdoQuery(PDO $pdo)
     {
         $pdo->query('SELECT email adaid WHERE gesperrt freigabe1u1 FROM ada', PDO::FETCH_ASSOC);
     }
@@ -69,4 +69,9 @@ public function queryWithPlaceholder(PDO $pdo)
         $pdo->query('SELECT email, adaid, gesperrt, freigabe1u1 FROM ada WHERE adaid=?', PDO::FETCH_ASSOC);
         $pdo->query('SELECT email, adaid, gesperrt, freigabe1u1 FROM ada WHERE adaid=:adaid', PDO::FETCH_ASSOC);
     }
+
+    public function syntaxErrorPdoPrepare(PDO $pdo)
+    {
+        $pdo->prepare('SELECT email adaid WHERE gesperrt freigabe1u1 FROM ada');
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,7 @@ services:`
`9`	`9`	`arguments:`
`10`	`10`	`classMethods:`
`11`	`11`	`- 'PDO::query#0'`
	`12`	`+ - 'PDO::prepare#0'`
`12`	`13`	`- 'mysqli::query#0'`
`13`	`14`
`14`	`15`	`-`
Original file line number	Diff line number	Diff line change
`@@ -49,6 +49,10 @@ public function testSyntaxErrorInQueryRule(): void`
`49`	`49`	`"Query error: Table 'phpstan_dba.unknownTable' doesn't exist (1146).",`
`50`	`50`	`41,`
`51`	`51`	`],`
	`52`	`+ [`
	`53`	`+ "Query error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'freigabe1u1 FROM ada LIMIT 0' at line 1 (1064).",`
	`54`	`+ 75,`
	`55`	`+ ],`
`52`	`56`	`]);`
`53`	`57`	`}`
`54`	`58`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@`
`6`	`6`
`7`	`7`	`class Foo`
`8`	`8`	`{`
`9`		`- public function syntaxErrorPdo(PDO $pdo)`
	`9`	`+ public function syntaxErrorPdoQuery(PDO $pdo)`
`10`	`10`	`{`
`11`	`11`	`$pdo->query('SELECT email adaid WHERE gesperrt freigabe1u1 FROM ada', PDO::FETCH_ASSOC);`
`12`	`12`	`}`
`@@ -69,4 +69,9 @@ public function queryWithPlaceholder(PDO $pdo)`
`69`	`69`	`$pdo->query('SELECT email, adaid, gesperrt, freigabe1u1 FROM ada WHERE adaid=?', PDO::FETCH_ASSOC);`
`70`	`70`	`$pdo->query('SELECT email, adaid, gesperrt, freigabe1u1 FROM ada WHERE adaid=:adaid', PDO::FETCH_ASSOC);`
`71`	`71`	`}`
	`72`	`+`
	`73`	`+ public function syntaxErrorPdoPrepare(PDO $pdo)`
	`74`	`+ {`
	`75`	`+ $pdo->prepare('SELECT email adaid WHERE gesperrt freigabe1u1 FROM ada');`
	`76`	`+ }`
`72`	`77`	`}`