From ccabc0c7fa8586f29c9ee0a1707612877860a81f Mon Sep 17 00:00:00 2001
From: Markus Staab
Date: Fri, 29 Sep 2023 13:35:18 +0200
Subject: [PATCH] Fix false-positive parameter validation error when query string is not resolvable (#630)
---
 src/QueryReflection/PlaceholderValidation.php | 8 ++++++--
 tests/rules/data/placeholder-bug.php | 8 ++++++++
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/QueryReflection/PlaceholderValidation.php b/src/QueryReflection/PlaceholderValidation.php
index c8419de6..719da009 100644
--- a/src/QueryReflection/PlaceholderValidation.php
+++ b/src/QueryReflection/PlaceholderValidation.php
@@ -28,6 +28,10 @@ public function checkQuery(Expr $queryExpr, Scope $scope, array $parameters): it
 }
 }
+ if ($queryStrings === []) {
+ return;
+ }
+
 if ($namedPlaceholders) {
 yield from $this->validateNamedPlaceholders($queryStrings, $parameters);
@@ -36,8 +40,8 @@ public function checkQuery(Expr $queryExpr, Scope $scope, array $parameters): it
 $minPlaceholderCount = PHP_INT_MAX;
 $maxPlaceholderCount = 0;
- foreach ($queryStrings as $queryString) {
- $placeholderCount = $queryReflection->countPlaceholders($queryString);
+ foreach ($queryStrings as $unnamedQueryString) {
+ $placeholderCount = $queryReflection->countPlaceholders($unnamedQueryString);
 if ($placeholderCount < $minPlaceholderCount) {
 $minPlaceholderCount = $placeholderCount;
 }
diff --git a/tests/rules/data/placeholder-bug.php b/tests/rules/data/placeholder-bug.php
index 4957f68f..69e2fc94 100644
--- a/tests/rules/data/placeholder-bug.php
+++ b/tests/rules/data/placeholder-bug.php
@@ -47,4 +47,12 @@ public function wrongMinBound(PDO $pdo)
 $stmt = $pdo->prepare('SELECT email, adaid FROM ada WHERE adaid = ? OR adaid = ? ');
 $stmt->execute([]);
 }
+
+ public function notResolvableQuery(PDO $pdo, $params)
+ {
+ $query ='SELECT email, adaid FROM ada WHERE email = ? '.$params;
+
+ $stmt = $pdo->prepare($query);
+ $stmt->execute(['hello world']);
+ }
 }
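Review bot: The early return added before the `$namedPlaceholders` branch in `checkQuery` (first hunk of PlaceholderValidation.php) carries no comment saying what an empty `$queryStrings` means, so the skip reads like an oversight rather than a decision. I would put above it `// No query string could be resolved statically; placeholder counts cannot be checked, so report nothing.` Judging by the fixture added in this commit, the queries that end up here are ones assembled from runtime values, which are also the ones most worth a manual look for injection, so the silent skip should be visible in the code. `checkQuery` starts before and continues past this hunk, so the loop that fills `$queryStrings` is not shown and the exact condition for an empty list is inferred.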
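Review bot: In `notResolvableQuery` (placeholder-bug.php hunk) the argument named `$params` is appended to the SQL text rather than bound, so the name suggests the opposite of what the fixture does. A name such as `$sqlSuffix` and a line `// deliberately concatenated so the query cannot be resolved statically; no placeholder error expected` would state the intent and keep the pattern from being read as a model for application code. The value that is actually bound still goes through `execute(['hello world'])`, which is the part the rule is meant to stay quiet about here.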