Parameter parsing fixes

lib/Doctrine/DBAL/SQLParserUtils.php

@@ -80,7 +80,8 @@ static public function getPlaceholderPositions($statement, $isPositional = true)
      * @param string    $query  The SQL query to execute.
      * @param array     $params The parameters to bind to the query.
      * @param array     $types  The types the previous parameters are in.
-     * 
+     *
+     * @throws SQLParserUtilsException
      * @return array
      */
     static public function expandListParameters($query, $params, $types)
@@ -103,7 +104,7 @@ static public function expandListParameters($query, $params, $types)
             $arrayPositions[$name] = false;
         }
 
-        if (( ! $arrayPositions && $isPositional) || (count($params) != count($types))) {
+        if (( ! $arrayPositions && $isPositional)) {
             return array($query, $params, $types);
         }
 
@@ -130,9 +131,9 @@ static public function expandListParameters($query, $params, $types)
 
                 $types = array_merge(
                     array_slice($types, 0, $needle),
-                    $count ? 
+                    $count ?
                         array_fill(0, $count, $types[$needle] - Connection::ARRAY_PARAM_OFFSET) : // array needles are at PDO::PARAM_* + 100
-                        array(), 
+                        array(),
                     array_slice($types, $needle + 1)
                 );
 
@@ -152,16 +153,16 @@ static public function expandListParameters($query, $params, $types)
         $paramsOrd   = array();
 
         foreach ($paramPos as $pos => $paramName) {
-            $paramLen   = strlen($paramName) + 1;
-            $value      = $params[$paramName];
+            $paramLen = strlen($paramName) + 1;
+            $value    = static::extractParam($paramName, $params, true);
 
-            if ( ! isset($arrayPositions[$paramName])) {
+            if ( ! isset($arrayPositions[$paramName]) && ! isset($arrayPositions[':' . $paramName])) {
                 $pos         += $queryOffset;
                 $queryOffset -= ($paramLen - 1);
                 $paramsOrd[]  = $value;
-                $typesOrd[]   = $types[$paramName];
+                $typesOrd[]   = static::extractParam($paramName, $types, false, \PDO::PARAM_STR);
                 $query        = substr($query, 0, $pos) . '?' . substr($query, ($pos + $paramLen));
-            
+
                 continue;
             }
 
@@ -170,7 +171,7 @@ static public function expandListParameters($query, $params, $types)
 
             foreach ($value as $val) {
                 $paramsOrd[] = $val;
-                $typesOrd[]  = $types[$paramName] - Connection::ARRAY_PARAM_OFFSET;
+                $typesOrd[]  = static::extractParam($paramName, $types, false) - Connection::ARRAY_PARAM_OFFSET;
             }
 
             $pos         += $queryOffset;
@@ -199,4 +200,35 @@ static private function getUnquotedStatementFragments($statement)
 
         return $fragments[1];
     }
+
+    /**
+     * @param string    $paramName      The name of the parameter (without a colon in front)
+     * @param array     $paramsOrTypes  A hash of parameters or types
+     * @param bool      $isParam
+     * @param mixed     $defaultValue   An optional default value. If omitted, an exception is thrown
+     *
+     * @throws SQLParserUtilsException
+     * @return mixed
+     */
+    static private function extractParam($paramName, $paramsOrTypes, $isParam, $defaultValue = null)
+    {
+        if (isset($paramsOrTypes[$paramName])) {
+            return $paramsOrTypes[$paramName];
+        }
+
+        // Hash keys can be prefixed with a colon for compatibility
+        if (isset($paramsOrTypes[':' . $paramName])) {
+            return $paramsOrTypes[':' . $paramName];
+        }
+
+        if (null !== $defaultValue) {
+            return $defaultValue;
+        }
+
+        if ($isParam) {
+            throw SQLParserUtilsException::missingParam($paramName);
+        } else {
+            throw SQLParserUtilsException::missingType($paramName);
+        }
+    }
 }

lib/Doctrine/DBAL/SQLParserUtilsException.php

@@ -0,0 +1,43 @@
+<?php
+/*
+ *  $Id: $
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ * This software consists of voluntary contributions made by many individuals
+ * and is licensed under the MIT license. For more information, see
+ * <http://www.doctrine-project.org>.
+ */
+
+namespace Doctrine\DBAL;
+
+/**
+ * Doctrine\DBAL\ConnectionException
+ *
+ * @license     http://www.opensource.org/licenses/lgpl-license.php LGPL
+ * @link        www.doctrine-project.org
+ * @since       2.4
+ * @author      Lars Strojny <lars@strojny.net>
+ */
+class SQLParserUtilsException extends DBALException
+{
+    public static function missingParam($paramName)
+    {
+        return new self(sprintf('Value for :%1$s not found in params array. Params array key should be "%1$s"', $paramName));
+    }
+
+    public static function missingType($typeName)
+    {
+        return new self(sprintf('Value for :%1$s not found in types array. Types array key should be "%1$s"', $typeName));
+    }
+}

tests/Doctrine/Tests/DBAL/SQLParserUtilsTest.php

@@ -237,6 +237,55 @@ static public function dataExpandListParameters()
                 array(),
                 array()
             ),
+            array(
+                "SELECT * FROM Foo WHERE foo IN (:foo) OR bar = :bar OR baz = :baz",
+                array('foo' => array(1, 2), 'bar' => 'bar', 'baz' => 'baz'),
+                array('foo' => Connection::PARAM_INT_ARRAY, 'baz' => 'string'),
+                'SELECT * FROM Foo WHERE foo IN (?, ?) OR bar = ? OR baz = ?',
+                array(1, 2, 'bar', 'baz'),
+                array(\PDO::PARAM_INT, \PDO::PARAM_INT, \PDO::PARAM_STR, 'string')
+            ),
+            array(
+                "SELECT * FROM Foo WHERE foo IN (:foo) OR bar = :bar",
+                array('foo' => array(1, 2), 'bar' => 'bar'),
+                array('foo' => Connection::PARAM_INT_ARRAY),
+                'SELECT * FROM Foo WHERE foo IN (?, ?) OR bar = ?',
+                array(1, 2, 'bar'),
+                array(\PDO::PARAM_INT, \PDO::PARAM_INT, \PDO::PARAM_STR)
+            ),
+            // Params/types with colons
+            array(
+                "SELECT * FROM Foo WHERE foo = :foo OR bar = :bar",
+                array(':foo' => 'foo', ':bar' => 'bar'),
+                array(':foo' => \PDO::PARAM_INT),
+                'SELECT * FROM Foo WHERE foo = ? OR bar = ?',
+                array('foo', 'bar'),
+                array(\PDO::PARAM_INT, \PDO::PARAM_STR)
+            ),
+            array(
+                "SELECT * FROM Foo WHERE foo = :foo OR bar = :bar",
+                array(':foo' => 'foo', ':bar' => 'bar'),
+                array(':foo' => \PDO::PARAM_INT, 'bar' => \PDO::PARAM_INT),
+                'SELECT * FROM Foo WHERE foo = ? OR bar = ?',
+                array('foo', 'bar'),
+                array(\PDO::PARAM_INT, \PDO::PARAM_INT)
+            ),
+            array(
+                "SELECT * FROM Foo WHERE foo IN (:foo) OR bar = :bar",
+                array(':foo' => array(1, 2), ':bar' => 'bar'),
+                array('foo' => Connection::PARAM_INT_ARRAY),
+                'SELECT * FROM Foo WHERE foo IN (?, ?) OR bar = ?',
+                array(1, 2, 'bar'),
+                array(\PDO::PARAM_INT, \PDO::PARAM_INT, \PDO::PARAM_STR)
+            ),
+            array(
+                "SELECT * FROM Foo WHERE foo IN (:foo) OR bar = :bar",
+                array('foo' => array(1, 2), 'bar' => 'bar'),
+                array(':foo' => Connection::PARAM_INT_ARRAY),
+                'SELECT * FROM Foo WHERE foo IN (?, ?) OR bar = ?',
+                array(1, 2, 'bar'),
+                array(\PDO::PARAM_INT, \PDO::PARAM_INT, \PDO::PARAM_STR)
+            ),
         );
     }
 
@@ -257,4 +306,53 @@ public function testExpandListParameters($q, $p, $t, $expectedQuery, $expectedPa
         $this->assertEquals($expectedParams, $params, "Params dont match");
         $this->assertEquals($expectedTypes, $types, "Types dont match");
     }
+
+    public static function dataQueryWithMissingParameters()
+    {
+        return array(
+            array(
+                "SELECT * FROM foo WHERE bar = :param",
+                array('other' => 'val'),
+                array(),
+            ),
+            array(
+                "SELECT * FROM foo WHERE bar = :param",
+                array(),
+                array(),
+            ),
+            array(
+                "SELECT * FROM foo WHERE bar = :param",
+                array(),
+                array('param' => Connection::PARAM_INT_ARRAY),
+            ),
+            array(
+                "SELECT * FROM foo WHERE bar = :param",
+                array(),
+                array(':param' => Connection::PARAM_INT_ARRAY),
+            ),
+            array(
+                "SELECT * FROM foo WHERE bar = :param",
+                array(),
+                array('bar' => Connection::PARAM_INT_ARRAY),
+            ),
+             array(
+                "SELECT * FROM foo WHERE bar = :param",
+                array('bar' => 'value'),
+                array('bar' => Connection::PARAM_INT_ARRAY),
+            ),
+        );
+    }
+
+    /**
+     * @dataProvider dataQueryWithMissingParameters
+     */
+    public function testExceptionIsThrownForMissingParam($query, $params, $types = array())
+    {
+        $this->setExpectedException(
+            'Doctrine\DBAL\SQLParserUtilsException',
+            'Value for :param not found in params array. Params array key should be "param"'
+        );
+
+        SQLParserUtils::expandListParameters($query, $params, $types);
+    }
 }