Skip queries containing placeholders in SyntaxErrorInQueryMethodRule (#119)

Co-authored-by: Markus Staab <[email protected]>

Author: staabm

.phpunit-phpstan-dba.cache

@@ -2,6 +2,64 @@
   'schemaVersion' => 'v3-rename-props',
   'records' => 
   array (
+    '
+            SELECT email adaid
+            WHERE gesperrt = \'1\' AND email LIKE \'%@example.com\'
+            FROM ada
+            LIMIT        1
+        ' => 
+    array (
+      'error' => 
+      staabm\PHPStanDba\Error::__set_state(array(
+         'message' => 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL/MariaDB server version for the right syntax to use near \'FROM ada LIMIT 0\' at line 3',
+         'code' => 1064,
+      )),
+    ),
+    '
+            SELECT email, adaid
+            FROM ada
+            WHERE gesperrt = \'1\'
+            LIMIT        \'1\'
+        ' => 
+    array (
+      'error' => NULL,
+    ),
+    '
+            SELECT email, adaid
+            FROM ada
+            WHERE gesperrt = \'1\'
+            LIMIT        \'1\',  \'1\'
+        ' => 
+    array (
+      'error' => NULL,
+    ),
+    '
+            SELECT email, adaid
+            FROM ada
+            WHERE gesperrt = \'1\'
+            LIMIT   \'1\',     \'1\'
+        ' => 
+    array (
+      'error' => NULL,
+    ),
+    '
+            SELECT email, adaid
+            FROM ada
+            WHERE gesperrt = \'1\' AND email LIKE \'%@example%\'
+            LIMIT        1
+        ' => 
+    array (
+      'error' => NULL,
+    ),
+    '
+            SELECT email, adaid
+            FROM ada
+            WHERE gesperrt = \'1\' AND email LIKE NULL
+            LIMIT        1
+        ' => 
+    array (
+      'error' => NULL,
+    ),
     '
             SELECT email adaid
             WHERE gesperrt = \'1\' AND email LIKE \'%@example.com\'
@@ -1509,6 +1567,14 @@
         )),
       ),
     ),
+    'SELECT email, adaid, gesperrt, freigabe1u1 FROM ada WHERE adaid=?' => 
+    array (
+      'error' => 
+      staabm\PHPStanDba\Error::__set_state(array(
+         'message' => 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL/MariaDB server version for the right syntax to use near \'? LIMIT 0\' at line 1',
+         'code' => 1064,
+      )),
+    ),
     'SELECT email, adaid, gesperrt, freigabe1u1 FROM ada WHERE email=\'foo\'' => 
     array (
       'error' => NULL,

src/QueryReflection/QueryReflection.php

@@ -40,6 +40,11 @@ public function validateQueryString(string $queryString): ?Error
             return null;
         }
 
+        // this method cannot validate queries which contain placeholders.
+        if (0 !== $this->countPlaceholders($queryString)) {
+            return null;
+        }
+
         return self::reflector()->validateQueryString($queryString);
     }
 

src/Rules/PdoStatementExecuteMethodRule.php

@@ -12,7 +12,6 @@
 use PHPStan\Rules\Rule;
 use PHPStan\Rules\RuleError;
 use PHPStan\Rules\RuleErrorBuilder;
-use PHPStan\ShouldNotHappenException;
 use staabm\PHPStanDba\PdoReflection\PdoStatementReflection;
 use staabm\PHPStanDba\QueryReflection\QueryReflection;
 

tests/data/syntax-error-in-query.php

@@ -70,6 +70,12 @@ public function syntaxErrorPdoPrepare(PDO $pdo)
     public function syntaxErrorDoctrineDbal(\Doctrine\DBAL\Connection $conn)
     {
         $sql = 'SELECT email adaid WHERE gesperrt freigabe1u1 FROM ada';
-        $stmt = $conn->query($sql);
+        $conn->query($sql);
+    }
+
+    public function noErrorOnQueriesContainingPlaceholders(\Doctrine\DBAL\Connection $conn)
+    {
+        // errors in this scenario are reported by SyntaxErrorInPreparedStatementMethodRule only
+        $conn->query('SELECT email, adaid, gesperrt, freigabe1u1 FROM ada WHERE adaid=?');
     }
 }