Bug fix for DB\IO params detection

Param detection found too many params, for example '$1'. Fixed the regex to only allow params that are no preceeded by ' And must start with space/tab, =, (
Bug fix for DB\IO returning detection
2023-04-07 14:34:13 +09:00 · 2023-04-03 15:02:39 +09:00
2 changed files with 42 additions and 8 deletions
--- a/www/admin/class_test.db.php
+++ b/www/admin/class_test.db.php
@@ -212,11 +212,11 @@ $query = <<<EOM
 INSERT INTO
 	test_foo
 (
-	test
+	test, string_a
 ) VALUES (
-	$1
+	$1, '$2'
 )
-RETURNING test
+RETURNING test, string_a
 EOM;
 $db->dbPrepare("ins_test_foo_eom", $query);
 $status = $db->dbExecute("ins_test_foo_eom", ['EOM BAR TEST ' . time()]);
@@ -413,13 +413,35 @@ if (is_array($s_res = $db->dbReturnRow($q)) && !empty($s_res['test'])) {
 }

 // UPDATE WITH RETURNING
-$status = $db->dbExec("UPDATE test_foo SET test = 'SOMETHING DIFFERENT' "
-	. "WHERE test_foo_id = " . (int)$last_insert_pk . " RETURNING test");
+$status = $db->dbExec("UPDATE test_foo SET test = 'SOMETHING DIFFERENT', string_a = '" . (string)rand(1, 100) . "' "
+	. "WHERE test_foo_id = " . (int)$last_insert_pk . " RETURNING test_foo.test, string_a");
 print "UPDATE WITH PK " . Support::printToString($last_insert_pk)
 	. " RETURN STATUS: " . Support::printToString($status) . " |<br>"
 	. "QUERY: " . $db->dbGetQuery() . " |<br>"
 	. "RETURNING EXT: " . print_r($db->dbGetReturningExt(), true) . " | "
 	. "RETURNING ARRAY: " . print_r($db->dbGetReturningArray(), true) . "<br>";
+// UPDATE BUT EOM STYLE
+$status = $db->dbExecParams(
+	<<<EOM
+	UPDATE
+		test_foo
+	SET
+		test = ?,
+		string_a = ?
+	WHERE
+		tset_foo_id = ?
+	RETURNING
+		test_foo.test, string_a
+	EOM,
+	['SOMETHING DIFFERENT EOM', (string)rand(1, 100)]
+);
+print "UPDATE EOM WITH PK " . Support::printToString($last_insert_pk)
+	. " RETURN STATUS: " . Support::printToString($status) . " |<br>"
+	. "QUERY: " . $db->dbGetQuery() . " |<br>"
+	. "RETURNING EXT: " . print_r($db->dbGetReturningExt(), true) . " | "
+	. "RETURNING ARRAY: " . print_r($db->dbGetReturningArray(), true) . "<br>";
+
+// a stand alone insert?
 $db->dbExec("INSERT INTO test_foo (test) VALUES ('STAND ALONE')");

 // INSERT WITH NO RETURNING
--- a/www/lib/CoreLibs/DB/IO.php
+++ b/www/lib/CoreLibs/DB/IO.php
@@ -279,8 +279,20 @@ class IO
 	public const NO_CACHE = 3;
 	/** @var string default hash type */
 	public const ERROR_HASH_TYPE = 'adler32';
+	/**
+	 * @var string regex for params: only stand alone $number allowed
+	 *             never allowed to start with '
+	 *             must be after space/tab, =, (
+	*/
+	public const REGEX_PARAMS = '/[^\'][\s(=](\$[0-9]{1,})/';
 	/** @var string regex to get returning with matches at position 1 */
-	public const REGEX_RETURNING = '/\s+returning\s+(.+?);?$/i';
+	public const REGEX_RETURNING = '/\s+returning\s+(.+\s*(?:.+\s*)+);?$/i';
+	// REGEX_SELECT
+	// REGEX_UPDATE
+	// REGEX INSERT
+	// REGEX_INSERT_UPDATE_DELETE
+	// REGEX_FROM_TABLE
+	// REGEX_INSERT_UPDATE_DELETE_TABLE

 	// recommend to set private/protected and only allow setting via method
 	// can bet set from outside
@@ -1017,7 +1029,7 @@ class IO
 	{
 		// search for $1, $2, in the query and push it into the control array
 		// skip counts for same eg $1, $1, $2 = 2 and not 3
-		preg_match_all('/(\$[0-9]{1,})/', $query, $match);
+		preg_match_all(self::REGEX_PARAMS, $query, $match);
 		$placeholder_count = count(array_unique($match[1]));
 		if ($params_count != $placeholder_count) {
 			$this->__dbError(
@@ -2588,7 +2600,7 @@ class IO
 			$match = [];
 			// search for $1, $2, in the query and push it into the control array
 			// skip counts for same eg $1, $1, $2 = 2 and not 3
-			preg_match_all('/(\$[0-9]{1,})/', $query, $match);
+			preg_match_all(self::REGEX_PARAMS, $query, $match);
 			$this->prepare_cursor[$stm_name]['count'] = count(array_unique($match[1]));
 			$this->prepare_cursor[$stm_name]['query'] = $query;
 			$result = $this->db_functions->__dbPrepare($stm_name, $query);