Merge branch 'hotfix/224' into develop

Forward port #224

Author: weierophinney

CHANGELOG.md

@@ -54,7 +54,10 @@ All notable changes to this project will be documented in this file, in reverse
 
 ### Fixed
 
-- Nothing.
+- [#224](https://github.com/zendframework/zend-db/pull/224) fixes how parameters
+  are bound to statements in the PDO adapter. PDO has a restriction on parameter
+  names of `[0-9a-zA_Z_]`; as such, the driver now hashes the parameter names
+  using `md5()` in order to ensure compatibility with other drivers.
 
 ## 2.8.2 - 2016-08-09
 

src/Adapter/Driver/Pdo/Pdo.php

@@ -304,7 +304,8 @@ public function getPrepareType()
     public function formatParameterName($name, $type = null)
     {
         if ($type === null && ! is_numeric($name) || $type == self::PARAMETERIZATION_NAMED) {
-            return ':' . $name;
+            // using MD5 because of the PDO restriction [A-Za-z0-9_] for bindParam name
+            return ':' . md5($name);
         }
 
         return '?';

src/Adapter/Driver/Pdo/Statement.php

@@ -289,7 +289,7 @@ protected function bindParametersFromContainer()
             }
 
             // parameter is named or positional, value is reference
-            $parameter = is_int($name) ? ($name + 1) : $name;
+            $parameter = is_int($name) ? ($name + 1) : $this->driver->formatParameterName($name);
             $this->resource->bindParam($parameter, $value, $type);
         }
     }

test/Adapter/Driver/Pdo/PdoTest.php

@@ -39,4 +39,29 @@ public function testGetDatabasePlatformName()
         self::assertEquals('SqlServer', $this->pdo->getDatabasePlatformName());
         self::assertEquals('SQLServer', $this->pdo->getDatabasePlatformName(DriverInterface::NAME_FORMAT_NATURAL));
     }
+
+    public function getParamsAndType()
+    {
+        return [
+            [ 'foo', null, ':' . md5('foo')],
+            [ 'foo-', null, ':' . md5('foo-')],
+            [ 'foo$', null, ':' . md5('foo$')],
+            [ 1, null, '?' ],
+            [ '1', null, '?'],
+            [ 'foo', Pdo::PARAMETERIZATION_NAMED, ':' . md5('foo')],
+            [ 'foo-', Pdo::PARAMETERIZATION_NAMED, ':' . md5('foo-')],
+            [ 'foo$', Pdo::PARAMETERIZATION_NAMED, ':' . md5('foo$')],
+            [ 1, Pdo::PARAMETERIZATION_NAMED, ':' . md5('1')],
+            [ '1', Pdo::PARAMETERIZATION_NAMED, ':' . md5('1')],
+        ];
+    }
+
+    /**
+     * @dataProvider getParamsAndType
+     */
+    public function testFormatParameterName($name, $type, $expected)
+    {
+        $result = $this->pdo->formatParameterName($name, $type);
+        $this->assertEquals($expected, $result);
+    }
 }

test/Adapter/Driver/Pdo/StatementIntegrationTest.php

@@ -55,7 +55,7 @@ protected function tearDown()
     public function testStatementExecuteWillConvertPhpBoolToPdoBoolWhenBinding()
     {
         $this->pdoStatementMock->expects($this->any())->method('bindParam')->with(
-            $this->equalTo('foo'),
+            $this->equalTo(':' . md5('foo')),
             $this->equalTo(false),
             $this->equalTo(\PDO::PARAM_BOOL)
         );
@@ -65,7 +65,7 @@ public function testStatementExecuteWillConvertPhpBoolToPdoBoolWhenBinding()
     public function testStatementExecuteWillUsePdoStrByDefaultWhenBinding()
     {
         $this->pdoStatementMock->expects($this->any())->method('bindParam')->with(
-            $this->equalTo('foo'),
+            $this->equalTo(':' . md5('foo')),
             $this->equalTo('bar'),
             $this->equalTo(\PDO::PARAM_STR)
         );

test/Adapter/Driver/Pdo/StatementTest.php

@@ -12,6 +12,7 @@
 use PHPUnit\Framework\TestCase;
 use Zend\Db\Adapter\Driver\Pdo\Connection;
 use Zend\Db\Adapter\Driver\Pdo\Pdo;
+use Zend\Db\Adapter\Driver\Pdo\Result;
 use Zend\Db\Adapter\Driver\Pdo\Statement;
 use Zend\Db\Adapter\ParameterContainer;
 
@@ -127,4 +128,28 @@ public function testExecute()
         $this->statement->prepare('SELECT 1');
         self::assertInstanceOf('Zend\Db\Adapter\Driver\Pdo\Result', $this->statement->execute());
     }
+
+    /**
+     * @see https://github.com/zendframework/zend-db/pull/224
+     */
+    public function testExecuteWithSpecialCharInBindParam()
+    {
+        $testSqlite = new TestAsset\SqliteMemoryPdo('CREATE TABLE test (text_ TEXT, text$ TEXT);');
+        $this->statement->setDriver(new Pdo(new Connection($testSqlite)));
+        $this->statement->initialize($testSqlite);
+
+        $this->statement->prepare(sprintf(
+            'INSERT INTO test (text_, text$) VALUES (:%s, :%s)',
+            md5('text_'),
+            md5('text$')
+        ));
+        $result = $this->statement->execute([ 'text_' => 'foo', 'text$' => 'bar']);
+        $this->assertInstanceOf(Result::class, $result);
+        $this->assertTrue($result->valid());
+
+        $result = $testSqlite->query('SELECT * FROM test');
+        $values = $result->fetch();
+        $this->assertEquals('foo', $values['text_']);
+        $this->assertEquals('bar', $values['text$']);
+    }
 }

test/Adapter/Driver/Pdo/TestAsset/SqliteMemoryPdo.php

@@ -13,8 +13,19 @@ class SqliteMemoryPdo extends \Pdo
 {
     protected $mockStatement;
 
-    public function __construct()
+    public function __construct($sql = null)
     {
         parent::__construct('sqlite::memory:');
+
+        if (empty($sql)) {
+            return;
+        }
+        if (false === $this->exec($sql)) {
+            throw new \Exception(sprintf(
+                "Error: %s, %s",
+                $this->errorCode(),
+                implode(",", $this->errorInfo())
+            ));
+        }
     }
 }