prevent Query error: Incorrect table name '' (1103). (#456)

staabm · web-flow · commit b8a8a191d576 · 2022-11-02T18:15:20.000+01:00
diff --git a/src/QueryReflection/QueryReflection.php b/src/QueryReflection/QueryReflection.php
@@ -228,7 +228,11 @@ private function resolveQueryStringExpr(Expr $queryExpr, Scope $scope, bool $res
         if ($queryExpr instanceof Encapsed) {
             $string = '';
             foreach ($queryExpr->parts as $part) {
-                $string .= $this->resolveQueryStringExpr($part, $scope);
+                $resolvedPart = $this->resolveQueryStringExpr($part, $scope);
+                if (null === $resolvedPart) {
+                    return null;
+                }
+                $string .= $resolvedPart;
             }
 
             return $string;
diff --git a/tests/rules/data/syntax-error-in-prepared-statement.php b/tests/rules/data/syntax-error-in-prepared-statement.php
@@ -323,4 +323,9 @@ public function preparedNamedParamsSubstitution(Connection $connection)
     {
         $connection->preparedQuery('SELECT email FROM ada WHERE email = :param OR email = :parameter', ['param' => 'abc', 'parameter' => 'def']);
     }
+
+    public function bug442(Connection $conn, string $table)
+    {
+        $conn->executeQuery("SELECT * FROM `$table`");
+    }
 }
diff --git a/tests/rules/data/syntax-error-in-query-function.php b/tests/rules/data/syntax-error-in-query-function.php
@@ -38,4 +38,9 @@ public function conditionalSyntaxError(\mysqli $mysqli)
 
         mysqli_query($mysqli, $query);
     }
+
+    public function bug442(\mysqli $mysqli, string $table)
+    {
+        mysqli_query($mysqli, "SELECT * FROM `$table`");
+    }
 }
diff --git a/tests/rules/data/syntax-error-in-query-method.php b/tests/rules/data/syntax-error-in-query-method.php
@@ -117,4 +117,9 @@ public function conditionalSyntaxErrorInQueryUnion(PDO $pdo)
 
         $pdo->query('SELECT email, adaid FROM ada '.$add.' LIMIT 1', PDO::FETCH_ASSOC);
     }
+
+    public function bug442(PDO $pdo, string $table)
+    {
+        $pdo->query("SELECT * FROM `$table`");
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -323,4 +323,9 @@ public function preparedNamedParamsSubstitution(Connection $connection)`
`323`	`323`	`{`
`324`	`324`	`$connection->preparedQuery('SELECT email FROM ada WHERE email = :param OR email = :parameter', ['param' => 'abc', 'parameter' => 'def']);`
`325`	`325`	`}`
	`326`	`+`
	`327`	`+ public function bug442(Connection $conn, string $table)`
	`328`	`+ {`
	`329`	+ $conn->executeQuery("SELECT * FROM `$table`");
	`330`	`+ }`
`326`	`331`	`}`
Original file line number	Diff line number	Diff line change
`@@ -38,4 +38,9 @@ public function conditionalSyntaxError(\mysqli $mysqli)`
`38`	`38`
`39`	`39`	`mysqli_query($mysqli, $query);`
`40`	`40`	`}`
	`41`	`+`
	`42`	`+ public function bug442(\mysqli $mysqli, string $table)`
	`43`	`+ {`
	`44`	+ mysqli_query($mysqli, "SELECT * FROM `$table`");
	`45`	`+ }`
`41`	`46`	`}`
Original file line number	Diff line number	Diff line change
`@@ -117,4 +117,9 @@ public function conditionalSyntaxErrorInQueryUnion(PDO $pdo)`
`117`	`117`
`118`	`118`	`$pdo->query('SELECT email, adaid FROM ada '.$add.' LIMIT 1', PDO::FETCH_ASSOC);`
`119`	`119`	`}`
	`120`	`+`
	`121`	`+ public function bug442(PDO $pdo, string $table)`
	`122`	`+ {`
	`123`	+ $pdo->query("SELECT * FROM `$table`");
	`124`	`+ }`
`120`	`125`	`}`