1 From 3e2c78f92a3fff6ceb503944067021cd5839ea89 Mon Sep 17 00:00:00 2001
2 From: Johan Cwiklinski <johan@x-tnd.be>
3 Date: Sat, 7 Nov 2020 12:23:31 +0100
4 Subject: [PATCH 1/2] Fix using parameters in prepared queries
6 See https://bugs.galette.eu/issues/1299
8 src/Sql/AbstractSql.php | 7 ++++++-
9 src/Sql/Insert.php | 8 +++++++-
10 src/Sql/Update.php | 8 +++++++-
11 3 files changed, 20 insertions(+), 3 deletions(-)
13 diff --git a/src/Sql/AbstractSql.php b/src/Sql/AbstractSql.php
14 index f1f88268..9c2f6f41 100644
15 --- a/src/Sql/AbstractSql.php
16 +++ b/src/Sql/AbstractSql.php
17 @@ -184,7 +184,12 @@ abstract class AbstractSql implements SqlInterface
18 // if prepareType is set, it means that this particular value must be
19 // passed back to the statement in a way it can be used as a placeholder value
20 if ($parameterContainer) {
21 - $name = $namedParameterPrefix . $expressionParamIndex++;
23 + if (preg_match('/:([0-9a-zA-Z_]+)/', $value, $matches)) {
24 + $name = $matches[1];
26 + $name = $namedParameterPrefix . $expressionParamIndex++;
28 $parameterContainer->offsetSet($name, $value);
29 $values[$vIndex] = $driver->formatParameterName($name);
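Review bot: The pattern `/:([0-9a-zA-Z_]+)/` on the new `preg_match` line is unanchored, so any scalar expression argument that merely contains a colon followed by a word character — `12:30`, `Note:see`, a `key:value` token — is treated as a named placeholder and the captured tail becomes the parameter name. The SQL text cannot be broken this way, since only `[0-9a-zA-Z_]` ever reaches `formatParameterName`, but two arguments that contain the same `:word` collapse onto one parameter slot and the later `offsetSet` on the next line silently overwrites the earlier value, and a data value can land under a name the caller binds explicitly. Anchor the test to the whole value so that only an argument that is exactly a placeholder token is rerouted, e.g. `if (is_string($value) && preg_match('/^:([0-9a-zA-Z_]+)\z/', $value, $matches)) {`; a genuine data value that happens to be exactly `:word` would still be misread, which is inherent to detecting placeholders by sniffing the value instead of an explicit marker type. Note also that the literal `:name` string is stored as the parameter's value by `offsetSet`, so the caller is presumably expected to rebind it before execution — worth a comment on the new branch. The enclosing method begins before the hunk and the `else` branch closing is not visible here.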
31 diff --git a/src/Sql/Insert.php b/src/Sql/Insert.php
32 index 22820c05..b36ff6d6 100644
33 --- a/src/Sql/Insert.php
34 +++ b/src/Sql/Insert.php
35 @@ -187,8 +187,14 @@ class Insert extends AbstractPreparableSql
36 if (is_scalar($value) && $parameterContainer) {
37 // use incremental value instead of column name for PDO
38 // @see https://github.com/zendframework/zend-db/issues/35
39 + // Galette: only rename when needed.
40 if ($driver instanceof Pdo) {
41 - $column = 'c_' . $i++;
43 + if (preg_match('/:([0-9a-zA-Z_]+)/', $value, $matches)) {
44 + $column = $matches[1];
46 + $column = 'c_' . ++$i;
49 $values[] = $driver->formatParameterName($column);
50 $parameterContainer->offsetSet($column, $value);
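Review bot: Insert values are normally the record being saved, i.e. user-submitted data, and the new `preg_match('/:([0-9a-zA-Z_]+)/', $value, $matches)` sniffs that data unanchored: a value such as `12:30` or `foo:c_1` is rerouted to a parameter named `30` or `c_1`, and the latter can collide with the counter-generated names from the `else` branch (e.g. `c_1`, assuming the counter starts at zero). The SQL text stays safe because only `[0-9a-zA-Z_]` reaches `formatParameterName`, but a collision makes the `offsetSet` on the last line overwrite an earlier column's bound value without any error, so two columns end up receiving the same value, or PDO rejects the repeated named placeholder depending on prepare emulation. Anchor the test to the whole value, `if (preg_match('/^:([0-9a-zA-Z_]+)\z/', (string) $value, $matches)) {`, and consider refusing a captured name the container already holds — if ParameterContainer exposes `offsetExists`, a check before `offsetSet` would surface the clash instead of hiding it. The identical change in Update.php below needs the same treatment; the enclosing loop and the `else` branch are partly outside what is visible here.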
51 diff --git a/src/Sql/Update.php b/src/Sql/Update.php
52 index 7f5d7c3c..a6206089 100644
53 --- a/src/Sql/Update.php
54 +++ b/src/Sql/Update.php
55 @@ -203,8 +203,14 @@ class Update extends AbstractPreparableSql
56 if (is_scalar($value) && $parameterContainer) {
57 // use incremental value instead of column name for PDO
58 // @see https://github.com/zendframework/zend-db/issues/35
59 + // Galette: only rename when needed.
60 if ($driver instanceof Pdo) {
61 - $column = 'c_' . $i++;
63 + if (preg_match('/:([0-9a-zA-Z_]+)/', $value, $matches)) {
64 + $column = $matches[1];
66 + $column = 'c_' . ++$i;
69 $setSql[] = $prefix . $driver->formatParameterName($column);
70 $parameterContainer->offsetSet($column, $value);