fixed detection of syntax errors in prepared statements on konwn parameter types (#91)

Co-authored-by: Markus Staab <[email protected]>

Author: staabm

.phpstan-dba.cache

@@ -430,7 +430,7 @@
         )),
       ),
     ),
-    'SELECT email, adaid FROM ada WHERE adaid = 1' => 
+    'SELECT email, adaid FROM ada WHERE adaid = \'1\'' => 
     array (
       'error' => NULL,
       'result' => 
@@ -523,7 +523,7 @@
         )),
       ),
     ),
-    'SELECT email, adaid FROM ada WHERE adaid = 1 and email = \'[email protected]\'' => 
+    'SELECT email, adaid FROM ada WHERE adaid = \'1\' and email = \'[email protected]\'' => 
     array (
       'error' => NULL,
       'result' => 
@@ -616,7 +616,7 @@
         )),
       ),
     ),
-    'SELECT email, adaid FROM ada WHERE adaid = 1 and email = :email' => 
+    'SELECT email, adaid FROM ada WHERE adaid = \'1\' and email = :email' => 
     array (
       'error' => 
       staabm\PHPStanDba\Error::__set_state(array(
@@ -628,7 +628,7 @@
         3 => NULL,
       ),
     ),
-    'SELECT email, adaid FROM ada WHERE adaid = 1 and email = ?' => 
+    'SELECT email, adaid FROM ada WHERE adaid = \'1\' and email = ?' => 
     array (
       'error' => 
       staabm\PHPStanDba\Error::__set_state(array(
@@ -769,19 +769,7 @@
         )),
       ),
     ),
-    'SELECT email, adaid FROM ada WHERE email <=> :email' => 
-    array (
-      'error' => 
-      staabm\PHPStanDba\Error::__set_state(array(
-         'message' => 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL/MariaDB server version for the right syntax to use near \':email LIMIT 0\' at line 1',
-         'code' => 1064,
-      )),
-      'result' => 
-      array (
-        3 => NULL,
-      ),
-    ),
-    'SELECT email, adaid FROM ada WHERE email <=> NULL' => 
+    'SELECT email, adaid FROM ada WHERE email <=> \'\'' => 
     array (
       'error' => NULL,
       'result' => 
@@ -874,6 +862,18 @@
         )),
       ),
     ),
+    'SELECT email, adaid FROM ada WHERE email <=> :email' => 
+    array (
+      'error' => 
+      staabm\PHPStanDba\Error::__set_state(array(
+         'message' => 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL/MariaDB server version for the right syntax to use near \':email LIMIT 0\' at line 1',
+         'code' => 1064,
+      )),
+      'result' => 
+      array (
+        3 => NULL,
+      ),
+    ),
     'SELECT email, adaid FROM ada WHERE email = \'[email protected]\'' => 
     array (
       'error' => NULL,

.phpunit-phpstan-dba.cache

@@ -2,10 +2,32 @@
   'schemaVersion' => 'v3-rename-props',
   'records' => 
   array (
+    '
+            SELECT email adaid
+            WHERE gesperrt = \'1\' AND email LIKE \'%@example.com\'
+            FROM ada
+            LIMIT        1
+        ' => 
+    array (
+      'error' => 
+      staabm\PHPStanDba\Error::__set_state(array(
+         'message' => 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL/MariaDB server version for the right syntax to use near \'FROM ada LIMIT 0\' at line 3',
+         'code' => 1064,
+      )),
+    ),
     '
             SELECT email, adaid
             FROM ada
-            WHERE gesperrt = 1 AND email LIKE \'%@example%\'
+            WHERE gesperrt = \'1\' AND email LIKE \'%@example%\'
+            LIMIT        1
+        ' => 
+    array (
+      'error' => NULL,
+    ),
+    '
+            SELECT email, adaid
+            FROM ada
+            WHERE gesperrt = \'1\' AND email LIKE NULL
             LIMIT        1
         ' => 
     array (
@@ -417,7 +439,7 @@
         )),
       ),
     ),
-    'SELECT email, adaid FROM ada WHERE adaid = 1' => 
+    'SELECT email, adaid FROM ada WHERE adaid = \'1\'' => 
     array (
       'error' => NULL,
       'result' => 
@@ -510,7 +532,7 @@
         )),
       ),
     ),
-    'SELECT email, adaid FROM ada WHERE adaid = 1 and email = \'[email protected]\'' => 
+    'SELECT email, adaid FROM ada WHERE adaid = \'1\' and email = \'[email protected]\'' => 
     array (
       'error' => NULL,
       'result' => 
@@ -708,19 +730,7 @@
         )),
       ),
     ),
-    'SELECT email, adaid FROM ada WHERE email <=> :email' => 
-    array (
-      'error' => 
-      staabm\PHPStanDba\Error::__set_state(array(
-         'message' => 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL/MariaDB server version for the right syntax to use near \':email LIMIT 0\' at line 1',
-         'code' => 1064,
-      )),
-      'result' => 
-      array (
-        3 => NULL,
-      ),
-    ),
-    'SELECT email, adaid FROM ada WHERE email <=> NULL' => 
+    'SELECT email, adaid FROM ada WHERE email <=> \'\'' => 
     array (
       'error' => NULL,
       'result' => 
@@ -813,6 +823,18 @@
         )),
       ),
     ),
+    'SELECT email, adaid FROM ada WHERE email <=> :email' => 
+    array (
+      'error' => 
+      staabm\PHPStanDba\Error::__set_state(array(
+         'message' => 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL/MariaDB server version for the right syntax to use near \':email LIMIT 0\' at line 1',
+         'code' => 1064,
+      )),
+      'result' => 
+      array (
+        3 => NULL,
+      ),
+    ),
     'SELECT email, adaid FROM ada WHERE email = \'[email protected]\'' => 
     array (
       'error' => NULL,
@@ -918,7 +940,7 @@
         3 => NULL,
       ),
     ),
-    'SELECT email, adaid FROM ada WHERE gesperrt = 1' => 
+    'SELECT email, adaid FROM ada WHERE gesperrt = \'1\'' => 
     array (
       'error' => NULL,
     ),

src/QueryReflection/QueryReflection.php

@@ -7,18 +7,10 @@
 use PhpParser\Node\Expr;
 use PhpParser\Node\Expr\BinaryOp\Concat;
 use PHPStan\Analyser\Scope;
-use PHPStan\Type\BooleanType;
 use PHPStan\Type\Constant\ConstantArrayType;
 use PHPStan\Type\Constant\ConstantIntegerType;
 use PHPStan\Type\Constant\ConstantStringType;
-use PHPStan\Type\ConstantScalarType;
-use PHPStan\Type\FloatType;
-use PHPStan\Type\IntegerType;
-use PHPStan\Type\IntersectionType;
-use PHPStan\Type\MixedType;
-use PHPStan\Type\StringType;
 use PHPStan\Type\Type;
-use PHPStan\Type\UnionType;
 use staabm\PHPStanDba\DbaException;
 use staabm\PHPStanDba\Error;
 
@@ -106,34 +98,8 @@ public function resolveQueryString(Expr $queryExpr, Scope $scope): ?string
         }
 
         $type = $scope->getType($queryExpr);
-        if ($type instanceof ConstantScalarType) {
-            return (string) $type->getValue();
-        }
-
-        $integerType = new IntegerType();
-        if ($integerType->isSuperTypeOf($type)->yes()) {
-            return '1';
-        }
-
-        $booleanType = new BooleanType();
-        if ($booleanType->isSuperTypeOf($type)->yes()) {
-            return '1';
-        }
-
-        if ($type->isNumericString()->yes()) {
-            return '1';
-        }
 
-        $floatType = new FloatType();
-        if ($floatType->isSuperTypeOf($type)->yes()) {
-            return '1.0';
-        }
-
-        if ($type instanceof MixedType || $type instanceof StringType || $type instanceof IntersectionType || $type instanceof UnionType) {
-            return null;
-        }
-
-        throw new DbaException(sprintf('Unexpected expression type %s', \get_class($type)));
+        return QuerySimulation::simulateParamValueType($type);
     }
 
     private function getQueryType(string $query): ?string
@@ -166,17 +132,9 @@ public function resolveParameters(Type $parameterTypes): ?array
                         $placeholderName = ':'.$placeholderName;
                     }
 
-                    if ($valueTypes[$i] instanceof ConstantScalarType) {
-                        $parameters[$placeholderName] = $valueTypes[$i]->getValue();
-                    } else {
-                        return null;
-                    }
+                    $parameters[$placeholderName] = QuerySimulation::simulateParamValueType($valueTypes[$i]);
                 } elseif ($keyType instanceof ConstantIntegerType) {
-                    if ($valueTypes[$i] instanceof ConstantScalarType) {
-                        $parameters[$keyType->getValue()] = $valueTypes[$i]->getValue();
-                    } else {
-                        return null;
-                    }
+                    $parameters[$keyType->getValue()] = QuerySimulation::simulateParamValueType($valueTypes[$i]);
                 }
             }
 

src/QueryReflection/QuerySimulation.php

@@ -4,11 +4,54 @@
 
 namespace staabm\PHPStanDba\QueryReflection;
 
+use PHPStan\Type\BooleanType;
+use PHPStan\Type\ConstantScalarType;
+use PHPStan\Type\FloatType;
+use PHPStan\Type\IntegerType;
+use PHPStan\Type\IntersectionType;
+use PHPStan\Type\MixedType;
+use PHPStan\Type\StringType;
+use PHPStan\Type\Type;
+use PHPStan\Type\UnionType;
+use staabm\PHPStanDba\DbaException;
+
 /**
  * @internal
  */
 final class QuerySimulation
 {
+    public static function simulateParamValueType(Type $paramType): ?string
+    {
+        if ($paramType instanceof ConstantScalarType) {
+            return (string) $paramType->getValue();
+        }
+
+        $integerType = new IntegerType();
+        if ($integerType->isSuperTypeOf($paramType)->yes()) {
+            return '1';
+        }
+
+        $booleanType = new BooleanType();
+        if ($booleanType->isSuperTypeOf($paramType)->yes()) {
+            return '1';
+        }
+
+        if ($paramType->isNumericString()->yes()) {
+            return '1';
+        }
+
+        $floatType = new FloatType();
+        if ($floatType->isSuperTypeOf($paramType)->yes()) {
+            return '1.0';
+        }
+
+        if ($paramType instanceof MixedType || $paramType instanceof StringType || $paramType instanceof IntersectionType || $paramType instanceof UnionType) {
+            return null;
+        }
+
+        throw new DbaException(sprintf('Unexpected expression type %s', \get_class($paramType)));
+    }
+
     public static function simulate(string $queryString): ?string
     {
         $queryString = self::stripTraillingLimit($queryString);

tests/SyntaxErrorInPreparedStatementMethodRuleTest.php

@@ -29,6 +29,14 @@ public function testSyntaxErrorInQueryRule(): void
                 "Query error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL/MariaDB server version for the right syntax to use near 'freigabe1u1 FROM ada LIMIT 0' at line 1 (1064).",
                 17,
             ],
+            [
+                "Query error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL/MariaDB server version for the right syntax to use near 'FROM ada LIMIT 0' at line 3 (1064).",
+                22,
+            ],
+            [
+                "Query error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL/MariaDB server version for the right syntax to use near 'FROM ada LIMIT 0' at line 3 (1064).",
+                29,
+            ],
         ]);
     }
 }

tests/data/syntax-error-in-prepared-statement.php

@@ -17,6 +17,23 @@ public function syntaxErrorInConstruct()
         $stmt = new PreparedStatement('SELECT email adaid WHERE gesperrt freigabe1u1 FROM ada', []);
     }
 
+    public function syntaxErrorOnKnownParamType(Connection $connection, int $i, bool $bool)
+    {
+        $connection->preparedQuery('
+            SELECT email adaid
+            WHERE gesperrt = ? AND email LIKE ?
+            FROM ada
+            LIMIT        1
+        ', [$i, '%@example.com']);
+
+        $connection->preparedQuery('
+            SELECT email adaid
+            WHERE gesperrt = ? AND email LIKE ?
+            FROM ada
+            LIMIT        1
+        ', [$bool, '%@example.com']);
+    }
+
     public function noErrorOnMixedParams(Connection $connection, $unknownType)
     {
         $connection->preparedQuery('