Connection::quote() can only quote strings
morozov committed Mar 16, 2019
1 parent 72ba3e4 commit 22b36a9
Showing 15 changed files with 28 additions and 77 deletions.
4 changes: 4 additions & 0 deletions UPGRADE.md
@@ -1,5 +1,9 @@
# Upgrade to 3.0

## BC BREAK `Statement::quote()` only accepts strings.

`Statement::quote()` and `ExpressionBuilder::literal()` no longer accept arguments of an arbitrary type and and don't implement type-specific handling. Only strings can be quoted.

## BC BREAK `Statement` and `Connection` methods return `void`.

`Connection::connect()`, `Statement::bindParam()`, `::bindValue()`, `::execute()`, `ResultStatement::setFetchMode()` and `::closeCursor()` no longer return a boolean value. They will throw an exception in case of failure.
8 changes: 2 additions & 6 deletions lib/Doctrine/DBAL/Connection.php
Expand Up @@ -808,13 +808,9 @@ public function quoteIdentifier($str)
/**
* {@inheritDoc}
*/
public function quote($input, $type = null)
public function quote(string $input) : string
{
$connection = $this->getWrappedConnection();

[$value, $bindingType] = $this->getBindingInfo($input, $type);

return $connection->quote($value, $bindingType);
return $this->getWrappedConnection()->quote($input);
}

/**
8 changes: 1 addition & 7 deletions lib/Doctrine/DBAL/Driver/Connection.php
Expand Up @@ -3,7 +3,6 @@
namespace Doctrine\DBAL\Driver;

use Doctrine\DBAL\DBALException;
use Doctrine\DBAL\ParameterType;

/**
* Connection interface.
Expand All @@ -27,13 +26,8 @@ public function query(string $sql) : ResultStatement;

/**
* Quotes a string for use in a query.
*
* @param mixed $input
* @param int $type
*
* @return mixed
*/
public function quote($input, $type = ParameterType::STRING);
public function quote(string $input) : string;

/**
* Executes an SQL statement and return the number of affected rows.
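Review bot: With the `@param`/`@return` tags removed, the one-line docblock left on quote() no longer states the contract an implementor or caller needs: that the result includes the surrounding quotes, that the escaping is driver- and connection-specific (the implementations in this commit use db2_escape_string, mysqli::escape_string, addcslashes and quote doubling respectively, and client-library escaping depends on the connection charset), and that the result is therefore only valid when interpolated into SQL executed on the same connection. Suggested docblock body: `Quotes a string for use in a query. The returned value includes the surrounding quotes and is escaped for this driver and connection (including its charset), so it must only be interpolated into SQL executed on this connection; prefer bound parameters where possible.`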
11 changes: 2 additions & 9 deletions lib/Doctrine/DBAL/Driver/IBMDB2/DB2Connection.php
Expand Up @@ -6,7 +6,6 @@
use Doctrine\DBAL\Driver\ResultStatement;
use Doctrine\DBAL\Driver\ServerInfoAwareConnection;
use Doctrine\DBAL\Driver\Statement as DriverStatement;
use Doctrine\DBAL\ParameterType;
use stdClass;
use const DB2_AUTOCOMMIT_OFF;
use const DB2_AUTOCOMMIT_ON;
Expand Down Expand Up @@ -101,15 +100,9 @@ public function query(string $sql) : ResultStatement
/**
* {@inheritdoc}
*/
public function quote($input, $type = ParameterType::STRING)
public function quote(string $input) : string
{
$input = db2_escape_string($input);

if ($type === ParameterType::INTEGER) {
return $input;
}

return "'" . $input . "'";
return "'" . db2_escape_string($input) . "'";
}

/**
3 changes: 1 addition & 2 deletions lib/Doctrine/DBAL/Driver/Mysqli/MysqliConnection.php
Expand Up @@ -7,7 +7,6 @@
use Doctrine\DBAL\Driver\ResultStatement;
use Doctrine\DBAL\Driver\ServerInfoAwareConnection;
use Doctrine\DBAL\Driver\Statement as DriverStatement;
use Doctrine\DBAL\ParameterType;
use mysqli;
use const MYSQLI_INIT_COMMAND;
use const MYSQLI_OPT_CONNECT_TIMEOUT;
Expand Down Expand Up @@ -146,7 +145,7 @@ public function query(string $sql) : ResultStatement
/**
* {@inheritdoc}
*/
public function quote($input, $type = ParameterType::STRING)
public function quote(string $input) : string
{
return "'" . $this->conn->escape_string($input) . "'";
}
13 changes: 2 additions & 11 deletions lib/Doctrine/DBAL/Driver/OCI8/OCI8Connection.php
Expand Up @@ -6,14 +6,11 @@
use Doctrine\DBAL\Driver\ResultStatement;
use Doctrine\DBAL\Driver\ServerInfoAwareConnection;
use Doctrine\DBAL\Driver\Statement as DriverStatement;
use Doctrine\DBAL\ParameterType;
use UnexpectedValueException;
use const OCI_COMMIT_ON_SUCCESS;
use const OCI_DEFAULT;
use const OCI_NO_AUTO_COMMIT;
use function addcslashes;
use function is_float;
use function is_int;
use function oci_commit;
use function oci_connect;
use function oci_error;
Expand All @@ -22,7 +19,6 @@
use function oci_server_version;
use function preg_match;
use function sprintf;
use function str_replace;

/**
* OCI8 implementation of the Connection interface.
Expand Down Expand Up @@ -123,14 +119,9 @@ public function query(string $sql) : ResultStatement
/**
* {@inheritdoc}
*/
public function quote($value, $type = ParameterType::STRING)
public function quote(string $input) : string
{
if (is_int($value) || is_float($value)) {
return $value;
}
$value = str_replace("'", "''", $value);

return "'" . addcslashes($value, "\000\n\r\\\032") . "'";
return "'" . addcslashes($input, "\000\n\r\\\032") . "'";
}

/**
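Review bot: The new return line in quote() drops the `str_replace("'", "''", ...)` step the old body applied before addcslashes(), and the `use function str_replace;` import is removed with it, so a single quote inside $input is no longer doubled and the returned value is no longer a valid Oracle string literal for any input containing `'` — addcslashes() with this character list only handles NUL, LF, CR, backslash and SUB, which is exactly why the old code escaped the quote separately. Restore the doubling: `return "'" . addcslashes(str_replace("'", "''", $input), "\000\n\r\\\032") . "'";` and keep the `use function str_replace;` line. The other drivers in this commit retain their quote handling (SQLSrv doubles the quote itself, MySQLi/DB2/SQL Anywhere delegate to the client escape function), so only this hunk regresses.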
5 changes: 2 additions & 3 deletions lib/Doctrine/DBAL/Driver/PDOConnection.php
Expand Up @@ -2,7 +2,6 @@

namespace Doctrine\DBAL\Driver;

use Doctrine\DBAL\ParameterType;
use PDO;
use function assert;

Expand Down Expand Up @@ -86,9 +85,9 @@ public function query(string $sql) : ResultStatement
/**
* {@inheritdoc}
*/
public function quote($input, $type = ParameterType::STRING)
public function quote(string $input) : string
{
return $this->connection->quote($input, $type);
return $this->connection->quote($input);
}

/**
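Review bot: PDO::quote() returns false when the underlying PDO driver does not implement quoting, and with the new `: string` return type on quote() that case now surfaces as a TypeError on the return statement rather than as the driver exception the other methods of this class throw. Capture the result and convert false explicitly before returning, e.g. `$quoted = $this->connection->quote($input); if ($quoted === false) { throw /* driver exception, as used by the sibling methods */; } return $quoted;` — the exception class to use is the one the surrounding methods already throw, which is outside this hunk.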
5 changes: 2 additions & 3 deletions lib/Doctrine/DBAL/Driver/PDOSqlsrv/Connection.php
Expand Up @@ -4,7 +4,6 @@

use Doctrine\DBAL\Driver\PDOConnection;
use Doctrine\DBAL\Driver\PDOStatement;
use Doctrine\DBAL\ParameterType;
use function strpos;
use function substr;

Expand All @@ -31,9 +30,9 @@ public function lastInsertId($name = null)
/**
* {@inheritDoc}
*/
public function quote($value, $type = ParameterType::STRING)
public function quote(string $input) : string
{
$val = parent::quote($value, $type);
$val = parent::quote($input);

// Fix for a driver version terminating all values with null byte
if (strpos($val, "\0") !== false) {
Expand Up @@ -6,10 +6,7 @@
use Doctrine\DBAL\Driver\ResultStatement;
use Doctrine\DBAL\Driver\ServerInfoAwareConnection;
use Doctrine\DBAL\Driver\Statement as DriverStatement;
use Doctrine\DBAL\ParameterType;
use function assert;
use function is_float;
use function is_int;
use function is_resource;
use function is_string;
use function sasql_affected_rows;
Expand Down Expand Up @@ -159,12 +156,8 @@ public function query(string $sql) : ResultStatement
/**
* {@inheritdoc}
*/
public function quote($input, $type = ParameterType::STRING)
public function quote(string $input) : string
{
if (is_int($input) || is_float($input)) {
return $input;
}

return "'" . sasql_escape_string($this->connection, $input) . "'";
}

14 changes: 2 additions & 12 deletions lib/Doctrine/DBAL/Driver/SQLSrv/SQLSrvConnection.php
Expand Up @@ -6,11 +6,7 @@
use Doctrine\DBAL\Driver\ResultStatement;
use Doctrine\DBAL\Driver\ServerInfoAwareConnection;
use Doctrine\DBAL\Driver\Statement as DriverStatement;
use Doctrine\DBAL\ParameterType;
use const SQLSRV_ERR_ERRORS;
use function is_float;
use function is_int;
use function sprintf;
use function sqlsrv_begin_transaction;
use function sqlsrv_commit;
use function sqlsrv_configure;
Expand Down Expand Up @@ -95,15 +91,9 @@ public function query(string $sql) : ResultStatement
/**
* {@inheritDoc}
*/
public function quote($value, $type = ParameterType::STRING)
public function quote(string $input) : string
{
if (is_int($value)) {
return $value;
} elseif (is_float($value)) {
return sprintf('%F', $value);
}

return "'" . str_replace("'", "''", $value) . "'";
return "'" . str_replace("'", "''", $input) . "'";
}

/**
11 changes: 3 additions & 8 deletions lib/Doctrine/DBAL/Query/Expression/ExpressionBuilder.php
Expand Up @@ -284,15 +284,10 @@ public function notIn($x, $y)
}

/**
* Quotes a given input parameter.
*
* @param mixed $input The parameter to be quoted.
* @param int|null $type The type of the parameter.
*
* @return string
* Creates an SQL literal expression from the string.
*/
public function literal($input, $type = null)
public function literal(string $input)
{
return $this->connection->quote($input, $type);
return $this->connection->quote($input);
}
}
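Review bot: literal() gains a `string` parameter type but, unlike every quote() signature changed in this commit, no `: string` return type, and the rewritten docblock dropped the `@return string` tag, so the return type is now stated nowhere. Since the body only returns `$this->connection->quote($input)`, which this same commit declares `: string`, declare it here too: `public function literal(string $input) : string`.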
Expand Up @@ -202,7 +202,7 @@ public function splitFederation($splitDistributionValue)

$sql = 'ALTER FEDERATION ' . $this->getFederationName() . ' ' .
'SPLIT AT (' . $this->getDistributionKey() . ' = ' .
$this->conn->quote($splitDistributionValue, $type->getBindingType()) . ')';
$this->conn->quote($splitDistributionValue) . ')';
$this->conn->exec($sql);
}
}
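Review bot: `$splitDistributionValue` is passed to quote() as-is, but splitFederation()'s parameter is untyped (see the hunk's context signature) and the old call passed `$type->getBindingType()`, which suggests the value was previously bound according to a column type; now any non-string value either throws a TypeError if the file declares strict_types or is coerced and emitted as a quoted string literal, which differs from the integer-style output the old code could produce for numeric distribution keys. Either convert the value to its database string form via the type/platform before quoting or declare the parameter `string`. If `$type` is computed above solely for this call it is presumably unused now; the start of the method is outside the hunk.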
6 changes: 2 additions & 4 deletions tests/Doctrine/Tests/DBAL/Functional/ConnectionTest.php
Expand Up @@ -6,9 +6,7 @@
use Doctrine\DBAL\ConnectionException;
use Doctrine\DBAL\Driver\Connection as DriverConnection;
use Doctrine\DBAL\DriverManager;
use Doctrine\DBAL\ParameterType;
use Doctrine\DBAL\Platforms\AbstractPlatform;
use Doctrine\DBAL\Types\Type;
use Doctrine\Tests\DbalFunctionalTestCase;
use Error;
use Exception;
Expand Down Expand Up @@ -252,8 +250,8 @@ public function testTransactionalReturnValue()
public function testQuote()
{
self::assertEquals(
$this->connection->quote('foo', Type::STRING),
$this->connection->quote('foo', ParameterType::STRING)
$this->connection->quote('foo'),
$this->connection->quote('foo')
);
}

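Review bot: testQuote() now compares `$this->connection->quote('foo')` with an identical call, so the assertion cannot fail and the test no longer verifies anything about quoting. Make it exercise the result instead: quote a string that contains a single quote, select that literal through the platform's `getDummySelectSQL()` (the test already imports `AbstractPlatform`), and `assertSame` the fetched value with the original string. A round-trip assertion of that shape would also catch a driver whose quote() stops escaping `'`.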
4 changes: 2 additions & 2 deletions tests/Doctrine/Tests/DBAL/Functional/DataAccessTest.php
Expand Up @@ -177,9 +177,9 @@ public function testPrepareWithQuoted()
$paramStr = 'foo';

$stmt = $this->connection->prepare(sprintf(
'SELECT test_int, test_string FROM %s WHERE test_int = %s AND test_string = %s',
'SELECT test_int, test_string FROM %s WHERE test_int = %d AND test_string = %s',
$this->connection->quoteIdentifier($table),
$this->connection->quote($paramInt),
$paramInt,
$this->connection->quote($paramStr)
));
self::assertInstanceOf(Statement::class, $stmt);
2 changes: 1 addition & 1 deletion tests/Doctrine/Tests/DBAL/Functional/WriteTest.php
Expand Up @@ -46,7 +46,7 @@ public function testExecuteUpdateFirstTypeIsNull()

public function testExecuteUpdate()
{
$sql = 'INSERT INTO write_table (test_int) VALUES ( ' . $this->connection->quote(1) . ')';
$sql = 'INSERT INTO write_table (test_int) VALUES (1)';
$affected = $this->connection->executeUpdate($sql);

self::assertEquals(1, $affected, 'executeUpdate() should return the number of affected rows!');
