From 78591d6ba46d0f3cb3c5cfe6c4f1b6e5dcd71b42 Mon Sep 17 00:00:00 2001
From: Clemens Schwaighofer <clemens.schwaighofer@egplusww.com>
Date: Tue, 10 Dec 2024 12:01:06 +0900
Subject: [PATCH] Fix Param regex lookup

Query was not counting params after "--" comment strings
---
 4dev/tests/DB/CoreLibsDBIOTest.php            | 33 +++++++++++++++++++
 www/lib/CoreLibs/DB/IO.php                    |  1 +
 .../DB/Support/ConvertPlaceholder.php         | 15 +++++++--
 3 files changed, 47 insertions(+), 2 deletions(-)

diff --git a/4dev/tests/DB/CoreLibsDBIOTest.php b/4dev/tests/DB/CoreLibsDBIOTest.php
index 19420a47..fab83940 100644
--- a/4dev/tests/DB/CoreLibsDBIOTest.php
+++ b/4dev/tests/DB/CoreLibsDBIOTest.php
@@ -5135,6 +5135,39 @@ final class CoreLibsDBIOTest extends TestCase
 				SQL,
 				'count' => 6,
 				'convert' => false,
+			],
+			'comments in insert' => [
+				'query' => <<<SQL
+				INSERT INTO table_with_primary_key (
+					row_int, row_numeric, row_varchar, row_varchar_literal
+				) VALUES (
+					-- comment
+					$1, $2,
+					-- comment
+					$3
+					-- comment
+					, $4
+				)
+				SQL,
+				'count' => 4,
+				'convert' => false
+			],
+			// Note some are not set
+			'a complete set of possible' => [
+				'query' => <<<SQL
+				UPDATE table_with_primary_key SET
+				-- ROW
+				row_varchar = $1
+				WHERE
+				row_varchar = ANY($2) AND row_varchar <> $3
+				AND row_varchar > $4 AND row_varchar < $5
+				AND row_varchar >= $6 AND row_varchar <=$7
+				AND row_jsonb->'a' = $8 AND row_jsonb->>$9 = 'a'
+				AND row_jsonb<@$10 AND row_jsonb@>$11
+				AND row_varchar ^@ $12
+				SQL,
+				'count' => 12,
+				'convert' => false,
 			]
 		];
 	}
diff --git a/www/lib/CoreLibs/DB/IO.php b/www/lib/CoreLibs/DB/IO.php
index 4daad5b8..d579fd16 100644
--- a/www/lib/CoreLibs/DB/IO.php
+++ b/www/lib/CoreLibs/DB/IO.php
@@ -1332,6 +1332,7 @@ class IO
 	 */
 	private function __dbCheckQueryParams(string $query, array $params): bool
 	{
+		// $this->log->debug('DB QUERY PARAMS REGEX', ConvertPlaceholder::REGEX_LOOKUP_PLACEHOLDERS);
 		$placeholder_count = $this->__dbCountQueryParams($query);
 		$params_count = count($params);
 		if ($params_count != $placeholder_count) {
diff --git a/www/lib/CoreLibs/DB/Support/ConvertPlaceholder.php b/www/lib/CoreLibs/DB/Support/ConvertPlaceholder.php
index 0b9542b2..3541276e 100644
--- a/www/lib/CoreLibs/DB/Support/ConvertPlaceholder.php
+++ b/www/lib/CoreLibs/DB/Support/ConvertPlaceholder.php
@@ -14,8 +14,19 @@ namespace CoreLibs\DB\Support;
 
 class ConvertPlaceholder
 {
-	/** @var string split regex */
-	private const PATTERN_QUERY_SPLIT = '[(<>=,?-]|->|->>|#>|#>>|@>|<@|\?\|\?\&|\|\||#-';
+	// NOTE for missing: range */+ are not iplemented in the regex below, but - is for now
+	// NOTE some combinations are allowed, but the query will fail before this
+	/** @var string split regex, entries before $ group */
+	private const PATTERN_QUERY_SPLIT =
+		',|' // for ',' mostly in INSERT
+		. '[(<>=]|' // general set for (, <, >, = in any query with any combination
+		. '(?:[\(,]\s*\-\-\s*\w*)\r?\n|' // a comment that starts after a ( or ,
+		. '\^@|' // text search for start from text with ^@
+		. '\|\||' // concats two elements
+		. '&&|' // array overlap
+		. '\-\|\-|' // range overlap
+		. '[^-]-{1}|' // single -, used in JSON too
+		. '->|->>|#>|#>>|@>|<@|@@|@\?|\?{1}|\?\||\?&|#-'; //JSON searches, Array searchs, etc
 	/** @var string the main regex including  the pattern query split */
 	private const PATTERN_ELEMENT = '(?:\'.*?\')?\s*(?:\?\?|' . self::PATTERN_QUERY_SPLIT . ')\s*';
 	/** @var string parts to ignore in the SQL */