patches/laminas-db-Fix-using-parameters-in-prepared-queries.patch

   1 From 3e2c78f92a3fff6ceb503944067021cd5839ea89 Mon Sep 17 00:00:00 2001
   2 From: Johan Cwiklinski <johan@x-tnd.be>
   3 Date: Sat, 7 Nov 2020 12:23:31 +0100
   4 Subject: [PATCH 1/2] Fix using parameters in prepared queries
   5
   6 See https://bugs.galette.eu/issues/1299
   7 ---
   8  src/Sql/AbstractSql.php | 7 ++++++-
   9  src/Sql/Insert.php      | 8 +++++++-
  10  src/Sql/Update.php      | 8 +++++++-
  11  3 files changed, 20 insertions(+), 3 deletions(-)
  12
  13 diff --git a/src/Sql/AbstractSql.php b/src/Sql/AbstractSql.php
  14 index f1f88268..9c2f6f41 100644
  15 --- a/src/Sql/AbstractSql.php
  16 +++ b/src/Sql/AbstractSql.php
  17 @@ -184,7 +184,12 @@ abstract class AbstractSql implements SqlInterface
  18                      // if prepareType is set, it means that this particular value must be
  19                      // passed back to the statement in a way it can be used as a placeholder value
  20                      if ($parameterContainer) {
  21 -                        $name = $namedParameterPrefix . $expressionParamIndex++;
  22 +                        $matches = [];
  23 +                        if (preg_match('/:([0-9a-zA-Z_]+)/', $value, $matches)) {
  24 +                            $name = $matches[1];
  25 +                        } else {
  26 +                            $name = $namedParameterPrefix . $expressionParamIndex++;
  27 +                        };
  28                          $parameterContainer->offsetSet($name, $value);
  29                          $values[$vIndex] = $driver->formatParameterName($name);
  30                          continue;
  31 diff --git a/src/Sql/Insert.php b/src/Sql/Insert.php
  32 index 22820c05..b36ff6d6 100644
  33 --- a/src/Sql/Insert.php
  34 +++ b/src/Sql/Insert.php
  35 @@ -187,8 +187,14 @@ class Insert extends AbstractPreparableSql
  36              if (is_scalar($value) && $parameterContainer) {
  37                  // use incremental value instead of column name for PDO
  38                  // @see https://github.com/zendframework/zend-db/issues/35
  39 +                // Galette: only rename when needed.
  40                  if ($driver instanceof Pdo) {
  41 -                    $column = 'c_' . $i++;
  42 +                    $matches = [];
  43 +                    if (preg_match('/:([0-9a-zA-Z_]+)/', $value, $matches)) {
  44 +                        $column = $matches[1];
  45 +                    } else {
  46 +                        $column = 'c_' . ++$i;
  47 +                    };
  48                  }
  49                  $values[] = $driver->formatParameterName($column);
  50                  $parameterContainer->offsetSet($column, $value);
  51 diff --git a/src/Sql/Update.php b/src/Sql/Update.php
  52 index 7f5d7c3c..a6206089 100644
  53 --- a/src/Sql/Update.php
  54 +++ b/src/Sql/Update.php
  55 @@ -203,8 +203,14 @@ class Update extends AbstractPreparableSql
  56              if (is_scalar($value) && $parameterContainer) {
  57                  // use incremental value instead of column name for PDO
  58                  // @see https://github.com/zendframework/zend-db/issues/35
  59 +                // Galette: only rename when needed.
  60                  if ($driver instanceof Pdo) {
  61 -                    $column = 'c_' . $i++;
  62 +                    $matches = [];
  63 +                    if (preg_match('/:([0-9a-zA-Z_]+)/', $value, $matches)) {
  64 +                        $column = $matches[1];
  65 +                    } else {
  66 +                        $column = 'c_' . ++$i;
  67 +                    };
  68                  }
  69                  $setSql[] = $prefix . $driver->formatParameterName($column);
  70                  $parameterContainer->offsetSet($column, $value);
  71 --
  72 2.26.2
  73