Merge pull request #3488 from morozov/quote-only-string

Connection::quote() can only quote strings

UPGRADE.md

@@ -1,5 +1,9 @@
 # Upgrade to 3.0
 
+## BC BREAK `Statement::quote()` only accepts strings.
+
+`Statement::quote()` and `ExpressionBuilder::literal()` no longer accept arguments of an arbitrary type and and don't implement type-specific handling. Only strings can be quoted.
+
 ## BC BREAK `Statement` and `Connection` methods return `void`.
 
 `Connection::connect()`, `Statement::bindParam()`, `::bindValue()`, `::execute()`, `ResultStatement::setFetchMode()` and `::closeCursor()` no longer return a boolean value. They will throw an exception in case of failure.

lib/Doctrine/DBAL/Connection.php

@@ -807,13 +807,9 @@ public function quoteIdentifier($str)
     /**
      * {@inheritDoc}
      */
-    public function quote($input, $type = null)
+    public function quote(string $input) : string
     {
-        $connection = $this->getWrappedConnection();
-
-        [$value, $bindingType] = $this->getBindingInfo($input, $type);
-
-        return $connection->quote($value, $bindingType);
+        return $this->getWrappedConnection()->quote($input);
     }
 
     /**

lib/Doctrine/DBAL/Driver/Connection.php

@@ -3,7 +3,6 @@
 namespace Doctrine\DBAL\Driver;
 
 use Doctrine\DBAL\DBALException;
-use Doctrine\DBAL\ParameterType;
 
 /**
  * Connection interface.
@@ -27,13 +26,8 @@ public function query(string $sql) : ResultStatement;
 
     /**
      * Quotes a string for use in a query.
-     *
-     * @param mixed $input
-     * @param int   $type
-     *
-     * @return mixed
      */
-    public function quote($input, $type = ParameterType::STRING);
+    public function quote(string $input) : string;
 
     /**
      * Executes an SQL statement and return the number of affected rows.

lib/Doctrine/DBAL/Driver/IBMDB2/DB2Connection.php

@@ -6,7 +6,6 @@
 use Doctrine\DBAL\Driver\ResultStatement;
 use Doctrine\DBAL\Driver\ServerInfoAwareConnection;
 use Doctrine\DBAL\Driver\Statement as DriverStatement;
-use Doctrine\DBAL\ParameterType;
 use stdClass;
 use const DB2_AUTOCOMMIT_OFF;
 use const DB2_AUTOCOMMIT_ON;
@@ -101,15 +100,9 @@ public function query(string $sql) : ResultStatement
     /**
      * {@inheritdoc}
      */
-    public function quote($input, $type = ParameterType::STRING)
+    public function quote(string $input) : string
     {
-        $input = db2_escape_string($input);
-
-        if ($type === ParameterType::INTEGER) {
-            return $input;
-        }
-
-        return "'" . $input . "'";
+        return "'" . db2_escape_string($input) . "'";
     }
 
     /**

lib/Doctrine/DBAL/Driver/Mysqli/MysqliConnection.php

@@ -7,7 +7,6 @@
 use Doctrine\DBAL\Driver\ResultStatement;
 use Doctrine\DBAL\Driver\ServerInfoAwareConnection;
 use Doctrine\DBAL\Driver\Statement as DriverStatement;
-use Doctrine\DBAL\ParameterType;
 use mysqli;
 use const MYSQLI_INIT_COMMAND;
 use const MYSQLI_OPT_CONNECT_TIMEOUT;
@@ -146,7 +145,7 @@ public function query(string $sql) : ResultStatement
     /**
      * {@inheritdoc}
      */
-    public function quote($input, $type = ParameterType::STRING)
+    public function quote(string $input) : string
     {
         return "'" . $this->conn->escape_string($input) . "'";
     }

lib/Doctrine/DBAL/Driver/OCI8/OCI8Connection.php

@@ -6,14 +6,11 @@
 use Doctrine\DBAL\Driver\ResultStatement;
 use Doctrine\DBAL\Driver\ServerInfoAwareConnection;
 use Doctrine\DBAL\Driver\Statement as DriverStatement;
-use Doctrine\DBAL\ParameterType;
 use UnexpectedValueException;
 use const OCI_COMMIT_ON_SUCCESS;
 use const OCI_DEFAULT;
 use const OCI_NO_AUTO_COMMIT;
 use function addcslashes;
-use function is_float;
-use function is_int;
 use function oci_commit;
 use function oci_connect;
 use function oci_error;
@@ -123,14 +120,9 @@ public function query(string $sql) : ResultStatement
     /**
      * {@inheritdoc}
      */
-    public function quote($value, $type = ParameterType::STRING)
+    public function quote(string $input) : string
     {
-        if (is_int($value) || is_float($value)) {
-            return $value;
-        }
-        $value = str_replace("'", "''", $value);
-
-        return "'" . addcslashes($value, "\000\n\r\\\032") . "'";
+        return "'" . addcslashes(str_replace("'", "''", $input), "\000\n\r\\\032") . "'";
     }
 
     /**

lib/Doctrine/DBAL/Driver/PDOConnection.php

@@ -2,7 +2,6 @@
 
 namespace Doctrine\DBAL\Driver;
 
-use Doctrine\DBAL\ParameterType;
 use PDO;
 use function assert;
 
@@ -86,9 +85,9 @@ public function query(string $sql) : ResultStatement
     /**
      * {@inheritdoc}
      */
-    public function quote($input, $type = ParameterType::STRING)
+    public function quote(string $input) : string
     {
-        return $this->connection->quote($input, $type);
+        return $this->connection->quote($input);
     }
 
     /**

lib/Doctrine/DBAL/Driver/PDOSqlsrv/Connection.php

@@ -4,7 +4,6 @@
 
 use Doctrine\DBAL\Driver\PDOConnection;
 use Doctrine\DBAL\Driver\PDOStatement;
-use Doctrine\DBAL\ParameterType;
 use function strpos;
 use function substr;
 
@@ -31,9 +30,9 @@ public function lastInsertId($name = null)
     /**
      * {@inheritDoc}
      */
-    public function quote($value, $type = ParameterType::STRING)
+    public function quote(string $input) : string
     {
-        $val = parent::quote($value, $type);
+        $val = parent::quote($input);
 
         // Fix for a driver version terminating all values with null byte
         if (strpos($val, "\0") !== false) {

lib/Doctrine/DBAL/Driver/SQLAnywhere/SQLAnywhereConnection.php

@@ -6,10 +6,7 @@
 use Doctrine\DBAL\Driver\ResultStatement;
 use Doctrine\DBAL\Driver\ServerInfoAwareConnection;
 use Doctrine\DBAL\Driver\Statement as DriverStatement;
-use Doctrine\DBAL\ParameterType;
 use function assert;
-use function is_float;
-use function is_int;
 use function is_resource;
 use function is_string;
 use function sasql_affected_rows;
@@ -159,12 +156,8 @@ public function query(string $sql) : ResultStatement
     /**
      * {@inheritdoc}
      */
-    public function quote($input, $type = ParameterType::STRING)
+    public function quote(string $input) : string
     {
-        if (is_int($input) || is_float($input)) {
-            return $input;
-        }
-
         return "'" . sasql_escape_string($this->connection, $input) . "'";
     }
 

lib/Doctrine/DBAL/Driver/SQLSrv/SQLSrvConnection.php

@@ -6,11 +6,7 @@
 use Doctrine\DBAL\Driver\ResultStatement;
 use Doctrine\DBAL\Driver\ServerInfoAwareConnection;
 use Doctrine\DBAL\Driver\Statement as DriverStatement;
-use Doctrine\DBAL\ParameterType;
 use const SQLSRV_ERR_ERRORS;
-use function is_float;
-use function is_int;
-use function sprintf;
 use function sqlsrv_begin_transaction;
 use function sqlsrv_commit;
 use function sqlsrv_configure;
@@ -95,17 +91,9 @@ public function query(string $sql) : ResultStatement
     /**
      * {@inheritDoc}
      */
-    public function quote($value, $type = ParameterType::STRING)
+    public function quote(string $input) : string
     {
-        if (is_int($value)) {
-            return $value;
-        }
-
-        if (is_float($value)) {
-            return sprintf('%F', $value);
-        }
-
-        return "'" . str_replace("'", "''", $value) . "'";
+        return "'" . str_replace("'", "''", $input) . "'";
     }
 
     /**

lib/Doctrine/DBAL/Query/Expression/ExpressionBuilder.php

@@ -284,15 +284,10 @@ public function notIn($x, $y)
     }
 
     /**
-     * Quotes a given input parameter.
-     *
-     * @param mixed    $input The parameter to be quoted.
-     * @param int|null $type  The type of the parameter.
-     *
-     * @return string
+     * Creates an SQL literal expression from the string.
      */
-    public function literal($input, $type = null)
+    public function literal(string $input)
     {
-        return $this->connection->quote($input, $type);
+        return $this->connection->quote($input);
     }
 }

lib/Doctrine/DBAL/Schema/AbstractSchemaManager.php

@@ -830,12 +830,11 @@ abstract protected function _getPortableTableColumnDefinition($tableColumn);
     /**
      * Aggregates and groups the index results according to the required data result.
      *
-     * @param mixed[][]   $tableIndexRows
-     * @param string|null $tableName
+     * @param mixed[][] $tableIndexRows
      *
      * @return Index[]
      */
-    protected function _getPortableTableIndexesList($tableIndexRows, $tableName = null)
+    protected function _getPortableTableIndexesList(array $tableIndexRows, string $tableName) : array
     {
         $result = [];
         foreach ($tableIndexRows as $tableIndex) {

lib/Doctrine/DBAL/Schema/DB2SchemaManager.php

@@ -5,7 +5,9 @@
 use Doctrine\DBAL\Types\Type;
 use const CASE_LOWER;
 use function array_change_key_case;
+use function assert;
 use function is_resource;
+use function is_string;
 use function preg_match;
 use function str_replace;
 use function strpos;
@@ -23,12 +25,14 @@ class DB2SchemaManager extends AbstractSchemaManager
      * Apparently creator is the schema not the user who created it:
      * {@link http://publib.boulder.ibm.com/infocenter/dzichelp/v2r2/index.jsp?topic=/com.ibm.db29.doc.sqlref/db2z_sysibmsystablestable.htm}
      */
-    public function listTableNames()
+    public function listTableNames() : array
     {
-        $sql  = $this->_platform->getListTablesSQL();
-        $sql .= ' AND CREATOR = UPPER(' . $this->_conn->quote($this->_conn->getUsername()) . ')';
+        $username = $this->_conn->getUsername();
+        assert(is_string($username));
 
-        $tables = $this->_conn->fetchAll($sql);
+        $sql = $this->_platform->getListTablesSQL() . ' AND CREATOR = UPPER(?)';
+
+        $tables = $this->_conn->fetchAll($sql, [$username]);
 
         return $this->filterAssetNames($this->_getPortableTablesList($tables));
     }
@@ -122,7 +126,7 @@ protected function _getPortableTablesList($tables)
     /**
      * {@inheritdoc}
      */
-    protected function _getPortableTableIndexesList($tableIndexRows, $tableName = null)
+    protected function _getPortableTableIndexesList(array $tableIndexRows, string $tableName) : array
     {
         foreach ($tableIndexRows as &$tableIndexRow) {
             $tableIndexRow            = array_change_key_case($tableIndexRow, CASE_LOWER);

lib/Doctrine/DBAL/Schema/MySqlSchemaManager.php

@@ -73,9 +73,9 @@ protected function _getPortableUserDefinition($user)
     /**
      * {@inheritdoc}
      */
-    protected function _getPortableTableIndexesList($tableIndexes, $tableName = null)
+    protected function _getPortableTableIndexesList(array $tableIndexRows, string $tableName) : array
     {
-        foreach ($tableIndexes as $k => $v) {
+        foreach ($tableIndexRows as $k => $v) {
             $v = array_change_key_case($v, CASE_LOWER);
             if ($v['key_name'] === 'PRIMARY') {
                 $v['primary'] = true;
@@ -89,10 +89,10 @@ protected function _getPortableTableIndexesList($tableIndexes, $tableName = null
             }
             $v['length'] = isset($v['sub_part']) ? (int) $v['sub_part'] : null;
 
-            $tableIndexes[$k] = $v;
+            $tableIndexRows[$k] = $v;
         }
 
-        return parent::_getPortableTableIndexesList($tableIndexes, $tableName);
+        return parent::_getPortableTableIndexesList($tableIndexRows, $tableName);
     }
 
     /**

lib/Doctrine/DBAL/Schema/OracleSchemaManager.php

@@ -90,10 +90,10 @@ protected function _getPortableTableDefinition($table)
      *
      * @link http://ezcomponents.org/docs/api/trunk/DatabaseSchema/ezcDbSchemaPgsqlReader.html
      */
-    protected function _getPortableTableIndexesList($tableIndexes, $tableName = null)
+    protected function _getPortableTableIndexesList(array $tableIndexRows, string $tableName) : array
     {
         $indexBuffer = [];
-        foreach ($tableIndexes as $tableIndex) {
+        foreach ($tableIndexRows as $tableIndex) {
             $tableIndex = array_change_key_case($tableIndex, CASE_LOWER);
 
             $keyName = strtolower($tableIndex['name']);

lib/Doctrine/DBAL/Schema/PostgreSqlSchemaManager.php

@@ -209,10 +209,10 @@ protected function _getPortableTableDefinition($table)
      *
      * @link http://ezcomponents.org/docs/api/trunk/DatabaseSchema/ezcDbSchemaPgsqlReader.html
      */
-    protected function _getPortableTableIndexesList($tableIndexes, $tableName = null)
+    protected function _getPortableTableIndexesList(array $tableIndexRows, string $tableName) : array
     {
         $buffer = [];
-        foreach ($tableIndexes as $row) {
+        foreach ($tableIndexRows as $row) {
             $colNumbers    = array_map('intval', explode(' ', $row['indkey']));
             $columnNameSql = sprintf(
                 'SELECT attnum, attname FROM pg_attribute WHERE attrelid=%d AND attnum IN (%s) ORDER BY attnum ASC',

lib/Doctrine/DBAL/Schema/SQLAnywhereSchemaManager.php

@@ -194,7 +194,7 @@ protected function _getPortableTableForeignKeysList($tableForeignKeys)
     /**
      * {@inheritdoc}
      */
-    protected function _getPortableTableIndexesList($tableIndexRows, $tableName = null)
+    protected function _getPortableTableIndexesList(array $tableIndexRows, string $tableName) : array
     {
         foreach ($tableIndexRows as &$tableIndex) {
             $tableIndex['primary'] = (bool) $tableIndex['primary'];

lib/Doctrine/DBAL/Schema/SQLServerSchemaManager.php

@@ -175,7 +175,7 @@ protected function _getPortableTableForeignKeysList($tableForeignKeys)
     /**
      * {@inheritdoc}
      */
-    protected function _getPortableTableIndexesList($tableIndexRows, $tableName = null)
+    protected function _getPortableTableIndexesList(array $tableIndexRows, string $tableName) : array
     {
         foreach ($tableIndexRows as &$tableIndex) {
             $tableIndex['non_unique'] = (bool) $tableIndex['non_unique'];

lib/Doctrine/DBAL/Schema/SqliteSchemaManager.php

@@ -163,7 +163,7 @@ protected function _getPortableTableDefinition($table)
      *
      * @link http://ezcomponents.org/docs/api/trunk/DatabaseSchema/ezcDbSchemaPgsqlReader.html
      */
-    protected function _getPortableTableIndexesList($tableIndexes, $tableName = null)
+    protected function _getPortableTableIndexesList(array $tableIndexRows, string $tableName) : array
     {
         $indexBuffer = [];
 
@@ -195,7 +195,7 @@ protected function _getPortableTableIndexesList($tableIndexes, $tableName = null
         }
 
         // fetch regular indexes
-        foreach ($tableIndexes as $tableIndex) {
+        foreach ($tableIndexRows as $tableIndex) {
             // Ignore indexes with reserved names, e.g. autoindexes
             if (strpos($tableIndex['name'], 'sqlite_') === 0) {
                 continue;

lib/Doctrine/DBAL/Sharding/SQLAzure/SQLAzureShardManager.php

@@ -202,7 +202,7 @@ public function splitFederation($splitDistributionValue)
 
         $sql = 'ALTER FEDERATION ' . $this->getFederationName() . ' ' .
                'SPLIT AT (' . $this->getDistributionKey() . ' = ' .
-               $this->conn->quote($splitDistributionValue, $type->getBindingType()) . ')';
+               $this->conn->quote($splitDistributionValue) . ')';
         $this->conn->exec($sql);
     }
 }