Connection::quote() can only quote strings

Author: morozov

UPGRADE.md

@@ -1,5 +1,9 @@
 # Upgrade to 3.0
 
+## BC BREAK `Statement::quote()` only accepts strings.
+
+`Statement::quote()` and `ExpressionBuilder::literal()` no longer accept arguments of an arbitrary type and and don't implement type-specific handling. Only strings can be quoted.
+
 ## BC BREAK `Statement` and `Connection` methods return `void`.
 
 `Connection::connect()`, `Statement::bindParam()`, `::bindValue()`, `::execute()`, `ResultStatement::setFetchMode()` and `::closeCursor()` no longer return a boolean value. They will throw an exception in case of failure.

lib/Doctrine/DBAL/Connection.php

@@ -808,13 +808,9 @@ public function quoteIdentifier($str)
     /**
      * {@inheritDoc}
      */
-    public function quote($input, $type = null)
+    public function quote(string $input) : string
     {
-        $connection = $this->getWrappedConnection();
-
-        [$value, $bindingType] = $this->getBindingInfo($input, $type);
-
-        return $connection->quote($value, $bindingType);
+        return $this->getWrappedConnection()->quote($input);
     }
 
     /**

lib/Doctrine/DBAL/Driver/Connection.php

@@ -3,7 +3,6 @@
 namespace Doctrine\DBAL\Driver;
 
 use Doctrine\DBAL\DBALException;
-use Doctrine\DBAL\ParameterType;
 
 /**
  * Connection interface.
@@ -27,13 +26,8 @@ public function query(string $sql) : ResultStatement;
 
     /**
      * Quotes a string for use in a query.
-     *
-     * @param mixed $input
-     * @param int   $type
-     *
-     * @return mixed
      */
-    public function quote($input, $type = ParameterType::STRING);
+    public function quote(string $input) : string;
 
     /**
      * Executes an SQL statement and return the number of affected rows.

lib/Doctrine/DBAL/Driver/IBMDB2/DB2Connection.php

@@ -6,7 +6,6 @@
 use Doctrine\DBAL\Driver\ResultStatement;
 use Doctrine\DBAL\Driver\ServerInfoAwareConnection;
 use Doctrine\DBAL\Driver\Statement as DriverStatement;
-use Doctrine\DBAL\ParameterType;
 use stdClass;
 use const DB2_AUTOCOMMIT_OFF;
 use const DB2_AUTOCOMMIT_ON;
@@ -101,15 +100,9 @@ public function query(string $sql) : ResultStatement
     /**
      * {@inheritdoc}
      */
-    public function quote($input, $type = ParameterType::STRING)
+    public function quote(string $input) : string
     {
-        $input = db2_escape_string($input);
-
-        if ($type === ParameterType::INTEGER) {
-            return $input;
-        }
-
-        return "'" . $input . "'";
+        return "'" . db2_escape_string($input) . "'";
     }
 
     /**

lib/Doctrine/DBAL/Driver/Mysqli/MysqliConnection.php

@@ -7,7 +7,6 @@
 use Doctrine\DBAL\Driver\ResultStatement;
 use Doctrine\DBAL\Driver\ServerInfoAwareConnection;
 use Doctrine\DBAL\Driver\Statement as DriverStatement;
-use Doctrine\DBAL\ParameterType;
 use mysqli;
 use const MYSQLI_INIT_COMMAND;
 use const MYSQLI_OPT_CONNECT_TIMEOUT;
@@ -146,7 +145,7 @@ public function query(string $sql) : ResultStatement
     /**
      * {@inheritdoc}
      */
-    public function quote($input, $type = ParameterType::STRING)
+    public function quote(string $input) : string
     {
         return "'" . $this->conn->escape_string($input) . "'";
     }

lib/Doctrine/DBAL/Driver/OCI8/OCI8Connection.php

@@ -6,14 +6,11 @@
 use Doctrine\DBAL\Driver\ResultStatement;
 use Doctrine\DBAL\Driver\ServerInfoAwareConnection;
 use Doctrine\DBAL\Driver\Statement as DriverStatement;
-use Doctrine\DBAL\ParameterType;
 use UnexpectedValueException;
 use const OCI_COMMIT_ON_SUCCESS;
 use const OCI_DEFAULT;
 use const OCI_NO_AUTO_COMMIT;
 use function addcslashes;
-use function is_float;
-use function is_int;
 use function oci_commit;
 use function oci_connect;
 use function oci_error;
@@ -22,7 +19,6 @@
 use function oci_server_version;
 use function preg_match;
 use function sprintf;
-use function str_replace;
 
 /**
  * OCI8 implementation of the Connection interface.
@@ -123,14 +119,9 @@ public function query(string $sql) : ResultStatement
     /**
      * {@inheritdoc}
      */
-    public function quote($value, $type = ParameterType::STRING)
+    public function quote(string $input) : string
     {
-        if (is_int($value) || is_float($value)) {
-            return $value;
-        }
-        $value = str_replace("'", "''", $value);
-
-        return "'" . addcslashes($value, "\000\n\r\\\032") . "'";
+        return "'" . addcslashes($input, "\000\n\r\\\032") . "'";
     }
 
     /**

lib/Doctrine/DBAL/Driver/PDOConnection.php

@@ -2,7 +2,6 @@
 
 namespace Doctrine\DBAL\Driver;
 
-use Doctrine\DBAL\ParameterType;
 use PDO;
 use function assert;
 
@@ -86,9 +85,9 @@ public function query(string $sql) : ResultStatement
     /**
      * {@inheritdoc}
      */
-    public function quote($input, $type = ParameterType::STRING)
+    public function quote(string $input) : string
     {
-        return $this->connection->quote($input, $type);
+        return $this->connection->quote($input);
     }
 
     /**

lib/Doctrine/DBAL/Driver/PDOSqlsrv/Connection.php

@@ -4,7 +4,6 @@
 
 use Doctrine\DBAL\Driver\PDOConnection;
 use Doctrine\DBAL\Driver\PDOStatement;
-use Doctrine\DBAL\ParameterType;
 use function strpos;
 use function substr;
 
@@ -31,9 +30,9 @@ public function lastInsertId($name = null)
     /**
      * {@inheritDoc}
      */
-    public function quote($value, $type = ParameterType::STRING)
+    public function quote(string $input) : string
     {
-        $val = parent::quote($value, $type);
+        $val = parent::quote($input);
 
         // Fix for a driver version terminating all values with null byte
         if (strpos($val, "\0") !== false) {

lib/Doctrine/DBAL/Driver/SQLAnywhere/SQLAnywhereConnection.php

@@ -6,10 +6,7 @@
 use Doctrine\DBAL\Driver\ResultStatement;
 use Doctrine\DBAL\Driver\ServerInfoAwareConnection;
 use Doctrine\DBAL\Driver\Statement as DriverStatement;
-use Doctrine\DBAL\ParameterType;
 use function assert;
-use function is_float;
-use function is_int;
 use function is_resource;
 use function is_string;
 use function sasql_affected_rows;
@@ -159,12 +156,8 @@ public function query(string $sql) : ResultStatement
     /**
      * {@inheritdoc}
      */
-    public function quote($input, $type = ParameterType::STRING)
+    public function quote(string $input) : string
     {
-        if (is_int($input) || is_float($input)) {
-            return $input;
-        }
-
         return "'" . sasql_escape_string($this->connection, $input) . "'";
     }
 

lib/Doctrine/DBAL/Driver/SQLSrv/SQLSrvConnection.php

@@ -6,11 +6,7 @@
 use Doctrine\DBAL\Driver\ResultStatement;
 use Doctrine\DBAL\Driver\ServerInfoAwareConnection;
 use Doctrine\DBAL\Driver\Statement as DriverStatement;
-use Doctrine\DBAL\ParameterType;
 use const SQLSRV_ERR_ERRORS;
-use function is_float;
-use function is_int;
-use function sprintf;
 use function sqlsrv_begin_transaction;
 use function sqlsrv_commit;
 use function sqlsrv_configure;
@@ -95,15 +91,9 @@ public function query(string $sql) : ResultStatement
     /**
      * {@inheritDoc}
      */
-    public function quote($value, $type = ParameterType::STRING)
+    public function quote(string $input) : string
     {
-        if (is_int($value)) {
-            return $value;
-        } elseif (is_float($value)) {
-            return sprintf('%F', $value);
-        }
-
-        return "'" . str_replace("'", "''", $value) . "'";
+        return "'" . str_replace("'", "''", $input) . "'";
     }
 
     /**

lib/Doctrine/DBAL/Query/Expression/ExpressionBuilder.php

@@ -284,15 +284,10 @@ public function notIn($x, $y)
     }
 
     /**
-     * Quotes a given input parameter.
-     *
-     * @param mixed    $input The parameter to be quoted.
-     * @param int|null $type  The type of the parameter.
-     *
-     * @return string
+     * Creates an SQL literal expression from the string.
      */
-    public function literal($input, $type = null)
+    public function literal(string $input)
     {
-        return $this->connection->quote($input, $type);
+        return $this->connection->quote($input);
     }
 }

lib/Doctrine/DBAL/Sharding/SQLAzure/SQLAzureShardManager.php

@@ -202,7 +202,7 @@ public function splitFederation($splitDistributionValue)
 
         $sql = 'ALTER FEDERATION ' . $this->getFederationName() . ' ' .
                'SPLIT AT (' . $this->getDistributionKey() . ' = ' .
-               $this->conn->quote($splitDistributionValue, $type->getBindingType()) . ')';
+               $this->conn->quote($splitDistributionValue) . ')';
         $this->conn->exec($sql);
     }
 }

tests/Doctrine/Tests/DBAL/Functional/ConnectionTest.php

@@ -6,9 +6,7 @@
 use Doctrine\DBAL\ConnectionException;
 use Doctrine\DBAL\Driver\Connection as DriverConnection;
 use Doctrine\DBAL\DriverManager;
-use Doctrine\DBAL\ParameterType;
 use Doctrine\DBAL\Platforms\AbstractPlatform;
-use Doctrine\DBAL\Types\Type;
 use Doctrine\Tests\DbalFunctionalTestCase;
 use Error;
 use Exception;
@@ -252,8 +250,8 @@ public function testTransactionalReturnValue()
     public function testQuote()
     {
         self::assertEquals(
-            $this->connection->quote('foo', Type::STRING),
-            $this->connection->quote('foo', ParameterType::STRING)
+            $this->connection->quote('foo'),
+            $this->connection->quote('foo')
         );
     }
 

tests/Doctrine/Tests/DBAL/Functional/DataAccessTest.php

@@ -177,9 +177,9 @@ public function testPrepareWithQuoted()
         $paramStr = 'foo';
 
         $stmt = $this->connection->prepare(sprintf(
-            'SELECT test_int, test_string FROM %s WHERE test_int = %s AND test_string = %s',
+            'SELECT test_int, test_string FROM %s WHERE test_int = %d AND test_string = %s',
             $this->connection->quoteIdentifier($table),
-            $this->connection->quote($paramInt),
+            $paramInt,
             $this->connection->quote($paramStr)
         ));
         self::assertInstanceOf(Statement::class, $stmt);

tests/Doctrine/Tests/DBAL/Functional/WriteTest.php

@@ -46,7 +46,7 @@ public function testExecuteUpdateFirstTypeIsNull()
 
     public function testExecuteUpdate()
     {
-        $sql      = 'INSERT INTO write_table (test_int) VALUES ( ' . $this->connection->quote(1) . ')';
+        $sql      = 'INSERT INTO write_table (test_int) VALUES (1)';
         $affected = $this->connection->executeUpdate($sql);
 
         self::assertEquals(1, $affected, 'executeUpdate() should return the number of affected rows!');