Deprecate inappropriate usage of prepared statement parameters #4411

Merged (1 commit) on Nov 5, 2020

@morozov morozov commented Nov 5, 2020

| Q | A |
|---|---|
| Type | deprecation |
| BC Break | no |

Summary

The current SQL parser implementation allows certain usages that are side effects of the existing implementation rather than something that the implementation was purposefully designed for.

  1. The keys of positional parameters and their types can be anything and do not have to correspond to the positions of the placeholders in the statement. This is achieved by sorting them:

     ```php
     ksort($params);
     ksort($types);
     ```

     and then discarding keys:

     ```php
     $params = array_values($params);
     $types = array_values($types);
     ```

     And is even covered by a test:

     ```php
     'Positional starts from 1: One non-list before and one after list-needle' => [
         'SELECT * FROM Foo WHERE foo = ? AND bar IN (?) AND baz = ? AND foo IN (?)',
         [1 => 1, 2 => [1, 2, 3], 3 => 4, 4 => [5, 6]],
         [
             1 => ParameterType::INTEGER,
             2 => Connection::PARAM_INT_ARRAY,
             3 => ParameterType::INTEGER,
             4 => Connection::PARAM_INT_ARRAY,
         ],
         'SELECT * FROM Foo WHERE foo = ? AND bar IN (?, ?, ?) AND baz = ? AND foo IN (?, ?)',
         [1, 1, 2, 3, 4, 5, 6],
         [
             ParameterType::INTEGER,
             ParameterType::INTEGER,
             ParameterType::INTEGER,
             ParameterType::INTEGER,
             ParameterType::INTEGER,
             ParameterType::INTEGER,
             ParameterType::INTEGER,
         ],
     ],
     ```

  2. The parser allows omitting parameters.
  3. The parser allows mixing positional and named parameters in the same statement (this is currently forbidden by the documentation and wouldn't be a BC break):

     ```
     a double-colon (:name1). You cannot mix the positional and the named approach. The approach
     ```

The behavior above should be deprecated in order to allow future rework of the parser w/o introducing breaking changes.
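
The key handling from item 1 and the omission from item 2, as an added example that is not part of the pull request or of doctrine/dbal: `normalizeAsQuoted()` repeats the two quoted calls, and `positionalParamProblems()` is a hypothetical caller-side check. The sample statement and parameter arrays are constructed, and treating contiguous 0-based or 1-based keys as valid is an assumption of this example.

```php
<?php
declare(strict_types=1);

// The normalization quoted in the PR description: sort by key, then drop the keys.
function normalizeAsQuoted(array $params): array
{
    ksort($params);
    return array_values($params);
}

// Hypothetical caller-side check, not a doctrine/dbal API.
// Simplification: counts every "?" in the SQL, including any inside string
// literals or comments, so it only suits statements without those.
function positionalParamProblems(string $sql, array $params): array
{
    $problems = [];
    $expected = substr_count($sql, '?');
    $keys     = array_keys($params);
    $n        = count($keys);

    if (array_filter($keys, 'is_string') !== []) {
        $problems[] = 'named keys mixed into positional parameters';
    }
    if ($n !== $expected) {
        $problems[] = sprintf('%d placeholder(s) but %d parameter(s)', $expected, $n);
    }

    // Assumption: valid keys are exactly 0..n-1 or 1..n.
    sort($keys);
    $zeroBased = $n > 0 ? range(0, $n - 1) : [];
    $oneBased  = $n > 0 ? range(1, $n) : [];
    if ($keys !== $zeroBased && $keys !== $oneBased) {
        $problems[] = 'keys do not correspond to placeholder positions: ' . json_encode($keys);
    }

    return $problems;
}

// Constructed sample input: arbitrary keys, an omitted parameter, a well-formed list.
$sql = 'SELECT * FROM Foo WHERE foo = ? AND bar = ?';
foreach ([[7 => 'a', 3 => 'b'], [0 => 'a'], [0 => 'a', 1 => 'b']] as $params) {
    echo json_encode(normalizeAsQuoted($params)), ' ',
         json_encode(positionalParamProblems($sql, $params)), "\n";
}
```

In the first sample the value written first (`'a'`, key 7) ends up bound to the second placeholder, because only the relative order of the keys survives the normalization.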

@morozov morozov merged commit 3622d6d into doctrine:2.12.x Nov 5, 2020
@morozov morozov deleted the deprecate-parser-abuse branch November 5, 2020 15:26
rgrellmann added a commit to Rossmann-IT/dbal that referenced this pull request Mar 7, 2021
Release [2.12.1](https://github.com/doctrine/dbal/milestone/84)

2.12.1
======

- Total issues resolved: **2**
- Total pull requests resolved: **11**
- Total contributors: **7**

Documentation,Prepared Statements
---------------------------------

 - [4424: Mark SQLParserUtils internal](doctrine#4424) thanks to @morozov

Packaging
---------

 - [4416: Update .gitattributes](doctrine#4416) thanks to @bytestream

Bug,Cache
---------

 - [4414: ResultCacheStatement::fetchAllAssociative does not store results in cache](doctrine#4414) thanks to @morozov and @dFayet

Deprecation,Prepared Statements
-------------------------------

 - [4411: Deprecate inappropriate usage of prepared statement parameters](doctrine#4411) thanks to @morozov
 - [4407: Deprecate colon prefix for prepared statement parameters](doctrine#4407) thanks to @morozov

Static Analysis
---------------

 - [4403: Remove redundant phpstan param from DriverManager::getConnection()](doctrine#4403) thanks to @simPod

Bug,Locking,Transactions
------------------------

 - [4400: LockMode::NONE should not set WITH (NOLOCK)](doctrine#4400) thanks to @BenMorel

Code Style,PHP
--------------

 - [4398: Update PHP_CodeSniffer to 3.5.8](doctrine#4398) thanks to @morozov

PDO,PHP,Test Suite
------------------

 - [4396: Fix php8 mysql mariadb](doctrine#4396) thanks to @greg0ire

Documentation
-------------

 - [4390: Fix headline in the upgrade docs](doctrine#4390) thanks to @jdreesen

Documentation,Testing
---------------------

 - [4356: Testing Guidelines](doctrine#4356) thanks to @morozov

# gpg: Signature made Sat Nov 14 21:50:01 2020
# gpg:                using DSA key 1BEDEE0A820BC30D858F9F0C2C3A645671828132
# gpg: Can't check signature: No public key

# Conflicts:
#	README.md
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jul 27, 2022