-
-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Query error with parameterised queries #106
Comments
for some reason the placeholder replacement does not work on your machine. could you dig a bit thru phpstan-dba/src/QueryReflection/QueryReflection.php Lines 134 to 166 in 2eaf50b
to get a feeling why it fails in your setup? |
I was able to reproduce this problem, when
is configured for a method, which actually takes a prepared statement and query-string separately |
I think we are on the same page... and Pull Request 119 has stopped the error. From my understanding, the checking of In comparison I'm just wondering, could the parameters simply be replaced with the number 0? something like this: $queryString = preg_replace('/(\?|\b:[a-zA-Z0-9_]+\b)/', '0', $queryString); It's already using e.g. While these are a bit contrived, As an aside, I think there might have a similar issue with I wonder, if this is a problem, does it needs to do something similar to the pdo_parse_params() function, rather than simply using the BINDCHR regex (used later as |
You are right that the current parsing is a bit naive and can easily break in edge cases. We might finally use a proper sql parser. Regarding your inital problem: I guess your phpstan-dba config is wrongly mixing Actually for pdo support you don't need additional rules configuration. The default config should work for pdo-only source analysis.
Thats what
|
Just running a quick test (need to go in a bit)... I've used a script that only contains: <?php
$pdo = new PDO('mysql:dbname=test;host=localhost', 'test', 'test', [PDO::ATTR_EMULATE_PREPARES => false]);
$stmt = $pdo->prepare('SELECT * FROM user WHERE id = ?'); And that triggered the 'Query error' in Taking a guess, that might be due to the provided dba.neon file. |
I think this example works on latest master. I think it was fixed with #119 at least running your example in a unit test seems to not produce a error, see #124 |
Yep, when I used #119, that fixed the error... and I suspect those checks are run when it get's to the |
Does the initial issue still reproduce or can we close the issue? |
Yes, thank you (once I realised that composer was not updating). |
Following up on Issue 69, as this is a different issue (I don't want to mix up the two things).
The SQL error, when checking
$pdo->prepare()
:This output used the new debug mode in
RuntimeConfiguration
(thanks for adding).It's happening on both named and question mark parameter queries.
The
MysqliQueryReflector::simulateQuery()
method is used, and it looks like the query is being sent to the database without parameters being provided (or replaced).It's interesting that later, when
$stmt->execute()
is being tested, the values are being replaced inQueryReflection::replaceParameters()
.I wonder if this check can be done during
$stmt->execute()
, when you have some parameters to use... or it might be possible to generate some values, even if it's the number 0, or a value that's appropriate for the field type (considering it's not actually returning any records with aLIMIT 0
).The text was updated successfully, but these errors were encountered: