Merge branch 'Bug-DBIOWrongParamCountWithCommentBeforeParam' into Feature-AclLoginClassUpdateTokenCheckWithUuidV4

2024-12-10 12:02:31 +09:00
parent e8299a123b 78591d6ba4
commit 50f83b822c
3 changed files with 47 additions and 2 deletions
--- a/4dev/tests/DB/CoreLibsDBIOTest.php
+++ b/4dev/tests/DB/CoreLibsDBIOTest.php
@@ -5135,6 +5135,39 @@ final class CoreLibsDBIOTest extends TestCase
 				SQL,
 				'count' => 6,
 				'convert' => false,
+			],
+			'comments in insert' => [
+				'query' => <<<SQL
+				INSERT INTO table_with_primary_key (
+					row_int, row_numeric, row_varchar, row_varchar_literal
+				) VALUES (
+					-- comment
+					$1, $2,
+					-- comment
+					$3
+					-- comment
+					, $4
+				)
+				SQL,
+				'count' => 4,
+				'convert' => false
+			],
+			// Note some are not set
+			'a complete set of possible' => [
+				'query' => <<<SQL
+				UPDATE table_with_primary_key SET
+				-- ROW
+				row_varchar = $1
+				WHERE
+				row_varchar = ANY($2) AND row_varchar <> $3
+				AND row_varchar > $4 AND row_varchar < $5
+				AND row_varchar >= $6 AND row_varchar <=$7
+				AND row_jsonb->'a' = $8 AND row_jsonb->>$9 = 'a'
+				AND row_jsonb<@$10 AND row_jsonb@>$11
+				AND row_varchar ^@ $12
+				SQL,
+				'count' => 12,
+				'convert' => false,
 			]
 		];
 	}
--- a/www/lib/CoreLibs/DB/IO.php
+++ b/www/lib/CoreLibs/DB/IO.php
@@ -1332,6 +1332,7 @@ class IO
 	 */
 	private function __dbCheckQueryParams(string $query, array $params): bool
 	{
+		// $this->log->debug('DB QUERY PARAMS REGEX', ConvertPlaceholder::REGEX_LOOKUP_PLACEHOLDERS);
 		$placeholder_count = $this->__dbCountQueryParams($query);
 		$params_count = count($params);
 		if ($params_count != $placeholder_count) {
--- a/www/lib/CoreLibs/DB/Support/ConvertPlaceholder.php
+++ b/www/lib/CoreLibs/DB/Support/ConvertPlaceholder.php
@@ -14,8 +14,19 @@ namespace CoreLibs\DB\Support;

 class ConvertPlaceholder
 {
-	/** @var string split regex */
-	private const PATTERN_QUERY_SPLIT = '[(<>=,?-]|->|->>|#>|#>>|@>|<@|\?\|\?\&|\|\||#-';
+	// NOTE for missing: range */+ are not iplemented in the regex below, but - is for now
+	// NOTE some combinations are allowed, but the query will fail before this
+	/** @var string split regex, entries before $ group */
+	private const PATTERN_QUERY_SPLIT =
+		',|' // for ',' mostly in INSERT
+		. '[(<>=]|' // general set for (, <, >, = in any query with any combination
+		. '(?:[\(,]\s*\-\-\s*\w*)\r?\n|' // a comment that starts after a ( or ,
+		. '\^@|' // text search for start from text with ^@
+		. '\|\||' // concats two elements
+		. '&&|' // array overlap
+		. '\-\|\-|' // range overlap
+		. '[^-]-{1}|' // single -, used in JSON too
+		. '->|->>|#>|#>>|@>|<@|@@|@\?|\?{1}|\?\||\?&|#-'; //JSON searches, Array searchs, etc
 	/** @var string the main regex including  the pattern query split */
 	private const PATTERN_ELEMENT = '(?:\'.*?\')?\s*(?:\?\?|' . self::PATTERN_QUERY_SPLIT . ')\s*';
 	/** @var string parts to ignore in the SQL */