Adds new placeholders (#473)

jakubvojacek · web-flow · commit c28ca1759967 · 2022-11-18T10:01:39.000Z
Co-authored-by: Jakub Vojacek &lt;jakub@motv.eu&gt;
diff --git a/src/DibiReflection/DibiReflection.php b/src/DibiReflection/DibiReflection.php
@@ -8,19 +8,25 @@ final class DibiReflection
 {
     public function rewriteQuery(string $queryString): ?string
     {
-        $queryString = str_replace('%in', '(1)', $queryString);
+        // see https://dibiphp.com/en/documentation#toc-modifiers
         $queryString = str_replace('%lmt', 'LIMIT 1', $queryString);
         $queryString = str_replace('%ofs', ', 1', $queryString);
-        $queryString = preg_replace('#%(i|s)#', "'1'", $queryString) ?? '';
-        $queryString = preg_replace('#%(t|d)#', '"2000-1-1"', $queryString) ?? '';
+        $queryString = str_replace('%in', '(1)', $queryString);
+        $queryString = str_replace('%l', '(1)', $queryString);
+        $queryString = preg_replace('#%(bin|sN|iN|f|i|s)#', "'1'", $queryString) ?? '';
+        $queryString = preg_replace('#%(t|d|dt)#', '"2000-1-1"', $queryString) ?? '';
         $queryString = preg_replace('#%(and|or)#', '(1 = 1)', $queryString) ?? '';
         $queryString = preg_replace('#%~?like~?#', '"%1%"', $queryString) ?? '';
 
-        if (strpos($queryString, '%n') > 0) {
-            $queryString = null;
-        } elseif (strpos($queryString, '%ex') > 0) {
-            $queryString = null;
-        } elseif (0 !== preg_match('#^\s*(START|ROLLBACK|SET|SAVEPOINT|SHOW)#i', $queryString)) {
+        $unsupportedPlaceholders = ['%ex', '%n', '%by', '%sql', '%m', '%N'];
+
+        foreach ($unsupportedPlaceholders as $unsupportedPlaceholder) {
+            if (strpos($queryString, $unsupportedPlaceholder) > 0) {
+                return null;
+            }
+        }
+
+        if (0 !== preg_match('#^\s*(START|ROLLBACK|SET|SAVEPOINT|SHOW)#i', $queryString)) {
             $queryString = null;
         }
 
diff --git a/src/Rules/SyntaxErrorInDibiPreparedStatementMethodRule.php b/src/Rules/SyntaxErrorInDibiPreparedStatementMethodRule.php
@@ -18,6 +18,7 @@
 use PHPStan\Type\Constant\ConstantArrayType;
 use PHPStan\Type\ObjectType;
 use PHPStan\Type\StringType;
+use staabm\PHPStanDba\DibiReflection\DibiReflection;
 use staabm\PHPStanDba\QueryReflection\QueryReflection;
 use staabm\PHPStanDba\QueryReflection\QueryReflector;
 
@@ -143,10 +144,13 @@ private function checkErrors(CallLike $callLike, Scope $scope, MethodReflection
         }
 
         $placeholders = [];
-        preg_match_all('#%(ex|in|i|and|or|s|t|d|~?like~?|n|lmt|ofs)#', $queryParameters[0], $placeholders, \PREG_SET_ORDER);
+        // see https://dibiphp.com/en/documentation#toc-modifiers
+        preg_match_all('#%(sN|bin|by|lmt|b|iN|f|dt|sql|ex|in|i|l|m|and|or|s|t|d|~?like~?|n|ofs|N)#', $queryParameters[0], $placeholders, \PREG_SET_ORDER);
         $placeholderCount = \count($placeholders);
         $parameterCount = \count($queryParameters) - 1;
 
+        // check that it's not the dibi magic insert statement $this->connection->query('INSERT into apps', ['xx' => ...])
+        // in that case it does not make sense to validate placeholder count because we know it won't match
         if (1 === $stringParameterCount && 'INSERT' !== QueryReflection::getQueryType($queryParameters[0])) {
             if ($parameterCount !== $placeholderCount) {
                 $placeholderExpectation = sprintf('Query expects %s placeholder', $placeholderCount);
@@ -179,6 +183,13 @@ private function checkErrors(CallLike $callLike, Scope $scope, MethodReflection
             return [];
         }
 
+        $dibiReflection = new DibiReflection();
+        $queryParameters[0] = $dibiReflection->rewriteQuery($queryParameters[0]);
+
+        if (null === $queryParameters[0]) {
+            return [];
+        }
+
         $validity = $queryReflection->validateQueryString($queryParameters[0]);
 
         if (null !== $validity) {
diff --git a/tests/rules/data/syntax-error-in-dibi-prepared-statement.php b/tests/rules/data/syntax-error-in-dibi-prepared-statement.php
@@ -41,6 +41,15 @@ public function testPlaceholders(\Dibi\Connection $conn)
         $conn->fetchPairs('SELECT email FROM ada where email = %s', 'email@github.com');
     }
 
+    public function testIgnoredPlaceholders(\Dibi\Connection $conn)
+    {
+        $conn->query('SELECT %n, %n from %n', 'email', 'dadid', 'ada');
+        $conn->query('SELECT email, adaid FROM ada group by %by', 'email');
+        $conn->query('SELECT email, adaid FROM ada where email = %bin group by %by', 1, 'email');
+        // has syntax error but will not be caught due to unsupported placeholder
+        $conn->query('SELECT %n, %n frommmm %n', 'email', 'dadid', 'ada');
+    }
+
     /* phpstan-dba does not yet support writable queries
     public function testDeleteUpdateInsert(\Dibi\Connection $conn)
     {
