Strip query comments (#431)

Author: marmichalski

.phpstan-dba-mysqli.cache

@@ -34,7 +34,7 @@ public function resolve(Scope $scope, Expr $queryExpr, ?Type $parameterTypes): i
         }
 
         foreach ($queryStrings as $queryString) {
-            $normalizedQuery = QuerySimulation::stripTrailers($queryString);
+            $normalizedQuery = QuerySimulation::stripTrailers(QuerySimulation::stripComments($queryString));
 
             if (null !== $normalizedQuery) {
                 yield $normalizedQuery;

.phpstan-dba-pdo-mysql.cache

@@ -136,15 +136,15 @@ public function resolveQueryStrings(Expr $queryExpr, Scope $scope): iterable
 
         if ($type instanceof UnionType) {
             foreach (TypeUtils::getConstantStrings($type) as $constantString) {
-                yield $this->normalizeQueryString($constantString->getValue());
+                yield QuerySimulation::stripComments($this->normalizeQueryString($constantString->getValue()));
             }
 
             return;
         }
 
         $queryString = $this->resolveQueryExpr($queryExpr, $scope);
         if (null !== $queryString) {
-            yield $this->normalizeQueryString($queryString);
+            yield QuerySimulation::stripComments($this->normalizeQueryString($queryString));
         }
     }
 

src/Analyzer/QueryPlanQueryResolver.php

@@ -124,7 +124,7 @@ public static function simulateParamValueType(Type $paramType, bool $preparedPar
 
     public static function simulate(string $queryString): ?string
     {
-        $queryString = self::stripTrailers($queryString);
+        $queryString = self::stripTrailers(self::stripComments($queryString));
 
         if (null === $queryString) {
             return null;
@@ -158,4 +158,28 @@ public static function stripTrailers(string $queryString): ?string
 
         return preg_replace('/\s*LIMIT\s+["\']?\d+["\']?\s*(,\s*["\']?\d*["\']?)?\s*$/i', '', $queryString);
     }
+
+    /**
+     * @see https://larrysteinle.com/2011/02/09/use-regular-expressions-to-clean-sql-statements/
+     * @see https://github.com/decemberster/sql-strip-comments/blob/3bef3558211a6f6191d2ad0ceb8577eda39dd303/index.js
+     */
+    public static function stripComments(string $query): string
+    {
+        return trim(preg_replace_callback(
+            '/("(""|[^"])*")|(\'(\'\'|[^\'])*\')|(--[^\n\r]*)|(\/\*[\w\W]*?(?=\*\/)\*\/)/m',
+            static function (array $matches): string {
+                $match = $matches[0];
+                $matchLength = \strlen($match);
+                if (
+                    ('"' === $match[0] && '"' === $match[$matchLength - 1])
+                    || ('\'' === $match[0] && '\'' === $match[$matchLength - 1])
+                ) {
+                    return $match;
+                }
+
+                return '';
+            },
+            $query
+        ) ?? $query);
+    }
 }

src/QueryReflection/QueryReflection.php

@@ -44,7 +44,7 @@ public function processNode(Node $methodCall, Scope $scope): array
             return [];
         }
 
-        if (PdoStatement::class !== $methodReflection->getDeclaringClass()->getName()) {
+        if (PDOStatement::class !== $methodReflection->getDeclaringClass()->getName()) {
             return [];
         }
 

src/QueryReflection/QuerySimulation.php

@@ -41,4 +41,45 @@ public function testIntersectionTypeMix()
         $simulatedValue = QuerySimulation::simulateParamValueType($builder->getArray(), false);
         $this->assertNotNull($simulatedValue);
     }
+
+    /**
+     * @dataProvider provideQueriesWithComments
+     */
+    public function testStripComments(string $query, string $expectedQuery)
+    {
+        self::assertSame($expectedQuery, QuerySimulation::stripComments($query));
+    }
+
+    /**
+     * @return iterable<array{string, string}>
+     */
+    public function provideQueriesWithComments(): iterable
+    {
+        yield 'Single line comment' => [
+            'SELECT * FROM ada; -- ignore me',
+            'SELECT * FROM ada;',
+        ];
+        yield 'Single line block comment' => [
+            'SELECT * FROM ada; /* ignore me */',
+            'SELECT * FROM ada;',
+        ];
+        yield 'Single line comment inside block comment' => [
+            'SELECT * FROM ada; /* -- ignore me */',
+            'SELECT * FROM ada;',
+        ];
+        yield 'Select comment-like value' => [
+            'SELECT "hello -- darkness my old friend -- /* ive come to talk with you again */ bye" FROM ada --thanks',
+            'SELECT "hello -- darkness my old friend -- /* ive come to talk with you again */ bye" FROM ada',
+        ];
+        yield 'Multi-line comment' => [
+            '
+                SELECT * FROM ada
+                /*
+                    nice
+                    comment
+                 */
+            ',
+            'SELECT * FROM ada',
+        ];
+    }
 }