Skip to content

Prototype support for bindValue/bindParam on PDOStatement #265

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Feb 10, 2022
Merged

Prototype support for bindValue/bindParam on PDOStatement #265

merged 3 commits into from
Feb 10, 2022

Conversation

@xPaw
Copy link
Contributor

@xPaw xPaw commented Feb 8, 2022
edited by staabm
Loading

I think this adds the right pieces.

refs #199

@staabm
Copy link
Owner

staabm commented Feb 8, 2022

This looks great.

we need more testcoverage, especially in

for the error cases.

expected error messages need to be put into

@xPaw
Copy link
Contributor Author

xPaw commented Feb 8, 2022

While adding tests, it seems like it's finding bind calls from previous pdo statements, so the code isn't entirely correct. It needs to stop once it hits prepare or something.

@staabm
Copy link
Owner

staabm commented Feb 8, 2022

For inspiration, a few real world examples can be taken from
https://github.com/shopware/shopware/search?q=bindParam

staabm
staabm reviewed Feb 9, 2022
View reviewed changes
staabm
staabm reviewed Feb 9, 2022
View reviewed changes
@xPaw
Copy link
Contributor Author

xPaw commented Feb 10, 2022

I think I fixed it. I manually constructed ConstantArrayType out of the collected bind calls.

staabm
staabm reviewed Feb 10, 2022
View reviewed changes
src/Rules/PdoStatementExecuteMethodRule.php
$args = $bindCall->getArgs();
if (\count($args) >= 2) {
$keyType = $scope->getType($args[0]->value);
if ($keyType instanceof ConstantIntegerType || $keyType instanceof ConstantStringType) {
Copy link
Owner

@staabm staabm Feb 10, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we need this check here, or could we just feed everything into $parameterKeys and resolveParameters later on would decide which types are supported and which not?

Copy link
Contributor Author

@xPaw xPaw Feb 10, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's constrained by the constructor, so phpstan complained.

staabm
staabm approved these changes Feb 10, 2022
View reviewed changes
Copy link
Owner

@staabm staabm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i love it

@staabm staabm merged commit 6a03ce1 into staabm:main Feb 10, 2022
staabm
staabm reviewed Feb 10, 2022
View reviewed changes
tests/default/data/unresolvable-pdo-statement.php
Comment on lines +46 to +48
$stmt = $pdo->prepare($query);
$stmt->bindValue(':email', '%|'.$string.'|%');
$stmt->execute();
Copy link
Owner

@staabm staabm Feb 10, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we can/should cover a case where some params are bound via bindValue or bindParam and others are given to execute at the same time.. I guess this is supported in pdo?

Copy link
Contributor Author

@xPaw xPaw Feb 10, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I looked at the pdo code, and it seemed like if you pass into execute, it empties any of the previously bound variables. I may have misunderstood though.

Copy link
Owner

@staabm staabm Feb 10, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

would be cool if you could run a small example on your own and verify the thesis.

if its right, we might even create a PHPStan-Rule which errors on bindValue/.. calls, when parameters are passed to execute

Copy link
Contributor Author

@xPaw xPaw Feb 10, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah it's the case:

	$st = Container::Database()->prepare( 'SELECT * FROM Apps WHERE AppID = :a OR AppID = :b' );
	$st->bindValue( ':a', 123 );
	$st->execute( [ ':b' => 456 ] ); // SQLSTATE[HY093]: Invalid parameter number

Copy link
Owner

@staabm staabm Feb 10, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cool, thx

#275

@xPaw xPaw deleted the pdo-bind-param branch February 10, 2022 11:52
@staabm staabm mentioned this pull request Feb 10, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@staabm staabm staabm approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@xPaw @staabm