DB\IO fix for regex query detection

Fix for basic query detection: Simeple starts with SELECT/WITH/SHOW INSERT INTO/UPDATE/DELETE FROM UPDATE Above does no complex query detection, just if the string starts with this Fix form table detection for primary key auto set trial.
2023-01-27 11:12:46 +09:00
parent 4c28e6d0ec
commit 4bbbd653cd
2 changed files with 106 additions and 50 deletions
--- a/README.V6-Upgrade.md
+++ b/README.V6-Upgrade.md
@@ -4,6 +4,7 @@
 * copy `config/config.php`
 * install composer if not installed `composer init` and `composer install`
 * update composer.json
+
 ```json
 "autoload": {
    "classmap": [
@@ -11,18 +12,23 @@
    ]
 },
 ```
+
 Run to update autoloader list
+
 ```sh
 composer dump-autoload
 ```

 * copy `includes/edit_base.inc`
 * add session start in the top header block where the `header()` calls are
+
 ```php
 // start session
 CoreLibs\Create\Session::startSession();
 ```
+
 * update all header calls if needed to add new log type call
+
 ```php
 // create logger
 $log = new CoreLibs\Debug\Logging([
@@ -34,17 +40,23 @@ $log = new CoreLibs\Debug\Logging([
    'print_all' => $PRINT_ALL ?? false,
 ]);
 ```
+
 * add a db class
+
 ```php
 // db config with logger
 $db = new CoreLibs\DB\IO(DB_CONFIG, $log);
 ```
+
 * login class needs to have db and logger added
+
 ```php
 // login & page access check
 $login = new CoreLibs\ACL\Login($db, $log);
 ```
+
 * update language class
+
 ```php
 // pre auto detect language after login
 $locale = \CoreLibs\Language\GetLocale::setLocale();
@@ -55,35 +67,46 @@ $l10n = new \CoreLibs\Language\L10n(
    $locale['path'],
 );
 ```
+
 * smarty needs language
+
 ```php
 $smarty = new CoreLibs\Template\SmartyExtend($l10n, $locale);
 ```
+
 * admin backend also needs logger
+
 ```php
 $cms = new CoreLibs\Admin\Backend($db, $log, $l10n, $locale);
 ```
+
 * update and `$cms` or similar calls so db is in `$cms->db->...` and log are in `$cms->log->...`
 * update all `config.*.php` files where needed
 * check config.master.php for `BASE_NAME` and `G_TITLE` and set them in the `.env` file so the `config.master.php` can be copied as os
 * If not doable, see changed below in `config.master.php` must remove old auto loder and `FLASH` constant at least
+
 **REMOVE:**
+
 ```php
 /************* AUTO LOADER *******************/
 // read auto loader
 require BASE . LIB . 'autoloader.php';
 ```
+
 **UPDATE:**
+
 ```php
 // po langs [DEPRECAED: use LOCALE]
 define('LANG', 'lang' . DIRECTORY_SEPARATOR);
 // po locale file
 define('LOCALE', 'locale' . DIRECTORY_SEPARATOR);
 ```
+
 ```php
 // SSL host name
 // define('SSL_HOST', $_ENV['SSL_HOST'] ?? '');
 ```
+
 ```php
 // define full regex
 define('PASSWORD_REGEX', "/^"
@@ -93,11 +116,13 @@ define('PASSWORD_REGEX', "/^"
    . (defined('PASSWORD_SPECIAL') ? PASSWORD_SPECIAL : '')
    . "[A-Za-z\d" . PASSWORD_SPECIAL_RANGE . "]{" . PASSWORD_MIN_LENGTH . "," . PASSWORD_MAX_LENGTH . "}$/");
 ```
+
 ```php
 /************* LAYOUT WIDTHS *************/
 define('PAGE_WIDTH', '100%');
 define('CONTENT_WIDTH', '100%');
 ```
+
 ```php
 /************* OVERALL CONTROL NAMES *************/
 // BELOW has HAS to be changed
@@ -105,6 +130,7 @@ define('CONTENT_WIDTH', '100%');
 // only alphanumeric characters, strip all others
 define('BASE_NAME', preg_replace('/[^A-Za-z0-9]/', '', $_ENV['BASE_NAME'] ?? ''));
 ```
+
 ```php
 /************* LANGUAGE / ENCODING *******/
 // default lang + encoding
@@ -112,6 +138,7 @@ define('DEFAULT_LOCALE', 'en_US.UTF-8');
 // default web page encoding setting
 define('DEFAULT_ENCODING', 'UTF-8');
 ```
+
 ```php
 // BAIL ON MISSING DB CONFIG:
 // we have either no db selction for this host but have db config entries
@@ -131,34 +158,43 @@ if (
    exit;
 }
 ```
+
 ```php
 // remove SITE_LANG
 define('SITE_LOCALE', $SITE_CONFIG[HOST_NAME]['site_locale'] ?? DEFAULT_LOCALE);
 define('SITE_ENCODING', $SITE_CONFIG[HOST_NAME]['site_encoding'] ?? DEFAULT_ENCODING);
 ```
+
 ```php
 /************* GENERAL PAGE TITLE ********/
 define('G_TITLE', $_ENV['G_TITLE'] ?? '');
 ```
+
 * move all login passweords into the `.env` file in the `configs/` folder
 in the `.env` file
-```
+
+```sql
 DB_NAME.TEST=some_database
 ...
 ```
+
 In the config then
+
 ```php
 'db_name' => $_ENV['DB_NAME.TEST'] ?? '',
 ```
+
 * config.host.php update
 must add site_locale (site_lang + site_encoding)
 remove site_lang
+
 ```php
    // lang + encoding
    'site_locale' => 'en_US.UTF-8',
    // site language
    'site_encoding' => 'UTF-8',
 ```
+
 * copy `layout/admin/javascript/edit.jq.js`
 * check other javacsript files if needed (`edit.jq.js`)

--- a/www/lib/CoreLibs/DB/IO.php
+++ b/www/lib/CoreLibs/DB/IO.php
@@ -575,14 +575,14 @@ class IO
 	/**
 	 * checks if query is a SELECT, SHOW or WITH, if not error, 0 return
 	 * NOTE:
-	 * Query needs to start with SELECT, SHOW or WITH. if starts with "with" it is ignored
+	 * Query needs to start with SELECT, SHOW or WITH
 	 * @param  string $query query to check
 	 * @return bool          true if matching, false if not
 	 */
 	private function __checkQueryForSelect(string $query): bool
 	{
-		// perhaps allow spaces before select ?!?
-		if (preg_match("/^(select|show|with) /i", $query)) {
+		// change to string starts with?
+		if (preg_match("/^(?:SELECT|SHOW|WITH)\s/i", $query)) {
 			return true;
 		}
 		return false;
@@ -599,10 +599,10 @@ class IO
 	 */
 	private function __checkQueryForInsert(string $query, bool $pure = false): bool
 	{
-		if ($pure && preg_match("/^insert /i", $query)) {
+		if ($pure && preg_match("/^INSERT\s+?INTO\s/i", $query)) {
 			return true;
 		}
-		if (!$pure && preg_match("/^(insert|update|delete) /i", $query)) {
+		if (!$pure && preg_match("/^(?:INSERT\s+?INTO|DELETE\s+?FROM|UPDATE)\s/i", $query)) {
 			return true;
 		}
 		return false;
@@ -616,7 +616,7 @@ class IO
 	 */
 	private function __checkQueryForUpdate(string $query): bool
 	{
-		if (preg_match("/^update /i", $query)) {
+		if (preg_match("/^UPDATE\s?(.+)/i", $query)) {
 			return true;
 		}
 		return false;
@@ -881,12 +881,32 @@ class IO
 	private function __dbReturnTable(string $query): array
 	{
 		$matches = [];
-		if (preg_match("/^SELECT /i", $query)) {
-			preg_match("/ (FROM) \"?(([\w_]+)\.)?([\w_]+)\"? /i", $query, $matches);
+		$schema_table = [];
+		if ($this->__checkQueryForSelect($query)) {
+			// only selects the first one, this is more a fallback
+			// MATCHES 1 (call), 3 (schema), 4 (table)
+			preg_match("/\s+?(FROM)\s+?([\"'])?(?:([\w_]+)\.)?([\w_]+)(?:\2)?\s?/i", $query, $matches);
+			$schema_table = [
+				$matches[3] ?? '',
+				$matches[4] ?? '',
+			];
 		} else {
-			preg_match("/(INSERT INTO|DELETE FROM|UPDATE) \"?(([\w_]+)\.)?([\w_]+)\"? /i", $query, $matches);
+			preg_match(
+				// must start with
+				// INSERT INTO (table)
+				// DELETE FROM (table)
+				// UPDATE (table) SET
+				// MATCHES 1 (call), 4 (schema), 5 (table)
+				"/^(INSERT\s+?INTO|DELETE\s+?FROM|(UPDATE))\s+?([\"'])?(?:([\w_]+)\.)?([\w_]+)(?:\3)?\s?(?(2)SET|)/i",
+				$query,
+				$matches
+			);
+			$schema_table = [
+				$matches[4] ?? '',
+				$matches[5] ?? ''
+			];
 		}
-		return [$matches[3] ?? '', $matches[4] ?? ''];
+		return $schema_table;
 	}

 	/**