Mirrors
/
php
mirror of https://github.com/php/php-src
3
0
Fork 0
Code Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
30467 Commits
553 Branches
1496 Tags
744 MiB
Tree: dc95b1bd32
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'dc95b1bd32'
${ noResults }
php/ext/pdo/pdo_sql_parser.re

456 lines
12 KiB
Raw Normal View History

license/copyright block
22 years ago
handle binding/quoting of queries for drivers with emulated prepares
22 years ago
Added missing header.
21 years ago
handle binding/quoting of queries for drivers with emulated prepares
22 years ago
Tweaks for win32
22 years ago
Support ? as a bind in emulated prepares Throw informative error when pdo_parse_param fails
22 years ago
handle binding/quoting of queries for drivers with emulated prepares
22 years ago
iactually support :\w+ as binds
22 years ago
Support ? as a bind in emulated prepares Throw informative error when pdo_parse_param fails
22 years ago
set active_query_string to null in case of failure
22 years ago
handle binding/quoting of queries for drivers with emulated prepares
22 years ago
set active_query_string to null in case of failure
22 years ago
Tweaks for win32
22 years ago
Support ? as a bind in emulated prepares Throw informative error when pdo_parse_param fails
22 years ago
Tweaks for win32
22 years ago
handle binding/quoting of queries for drivers with emulated prepares
22 years ago
Revise query parser so that it can rewrite from one bind syntax to another. Expose it as PDO_API. No drivers utilize this feature yet.
22 years ago
handle input LOBs (which are passed as streams) in bound parameter emulation. Update error handling.
22 years ago
Revise query parser so that it can rewrite from one bind syntax to another. Expose it as PDO_API. No drivers utilize this feature yet.
22 years ago
Don't segault when we have placeholders but no bound params
22 years ago
it's only an error in emulation mode; rewrite happens in prepare, which happens before bindParam
22 years ago
handle input LOBs (which are passed as streams) in bound parameter emulation. Update error handling.
22 years ago
Don't segault when we have placeholders but no bound params
22 years ago
Revise query parser so that it can rewrite from one bind syntax to another. Expose it as PDO_API. No drivers utilize this feature yet.
22 years ago
handle input LOBs (which are passed as streams) in bound parameter emulation. Update error handling.
22 years ago
Revise query parser so that it can rewrite from one bind syntax to another. Expose it as PDO_API. No drivers utilize this feature yet.
22 years ago
handle input LOBs (which are passed as streams) in bound parameter emulation. Update error handling.
22 years ago
fix for PECL #3545
22 years ago
handle input LOBs (which are passed as streams) in bound parameter emulation. Update error handling.
22 years ago
fix for PECL #3545
22 years ago
*cough*
22 years ago
fix for PECL #3545
22 years ago
handle input LOBs (which are passed as streams) in bound parameter emulation. Update error handling.
22 years ago
Revise query parser so that it can rewrite from one bind syntax to another. Expose it as PDO_API. No drivers utilize this feature yet.
22 years ago
implement mapping of :name to ? parameters for drivers that only support ? placeholders. The current restriction is that you may not use the same named parameter more than one in a given query, as there is a danger of scary things happen with the zval if it gets bound multiple times.
22 years ago
Revise query parser so that it can rewrite from one bind syntax to another. Expose it as PDO_API. No drivers utilize this feature yet.
22 years ago
implement mapping of :name to ? parameters for drivers that only support ? placeholders. The current restriction is that you may not use the same named parameter more than one in a given query, as there is a danger of scary things happen with the zval if it gets bound multiple times.
22 years ago
Revise query parser so that it can rewrite from one bind syntax to another. Expose it as PDO_API. No drivers utilize this feature yet.
22 years ago
Tweaks for win32
22 years ago
handle binding/quoting of queries for drivers with emulated prepares
22 years ago
forgotten off the last commit
22 years ago
handle binding/quoting of queries for drivers with emulated prepares
22 years ago
forgotten off the last commit
22 years ago
handle binding/quoting of queries for drivers with emulated prepares
22 years ago
forgotten off the last commit
22 years ago
handle binding/quoting of queries for drivers with emulated prepares
22 years ago
Tweaks for win32
22 years ago
handle binding/quoting of queries for drivers with emulated prepares
22 years ago
Tweaks for win32
22 years ago
handle binding/quoting of queries for drivers with emulated prepares
22 years ago
set active_query_string to null in case of failure
22 years ago
Support ? as a bind in emulated prepares Throw informative error when pdo_parse_param fails
22 years ago
handle binding/quoting of queries for drivers with emulated prepares
22 years ago
keys need to be null-terminated (how did this not get committed before???) bind-by-name includes the leading : in the name
22 years ago
ok, apprently we _don't_ want to count the nulls.
22 years ago
handle binding/quoting of queries for drivers with emulated prepares
22 years ago
keys need to be null-terminated (how did this not get committed before???) bind-by-name includes the leading : in the name
22 years ago
handle binding/quoting of queries for drivers with emulated prepares
22 years ago
off by one error
22 years ago
handle binding/quoting of queries for drivers with emulated prepares
22 years ago
set active_query_string to null in case of failure
22 years ago
Support ? as a bind in emulated prepares Throw informative error when pdo_parse_param fails
22 years ago
handle binding/quoting of queries for drivers with emulated prepares
22 years ago
Support ? as a bind in emulated prepares Throw informative error when pdo_parse_param fails
22 years ago
set active_query_string to null in case of failure
22 years ago
Support ? as a bind in emulated prepares Throw informative error when pdo_parse_param fails
22 years ago
set active_query_string to null in case of failure
22 years ago
Support ? as a bind in emulated prepares Throw informative error when pdo_parse_param fails
22 years ago
handle binding/quoting of queries for drivers with emulated prepares
22 years ago
Support ? as a bind in emulated prepares Throw informative error when pdo_parse_param fails
22 years ago
handle binding/quoting of queries for drivers with emulated prepares
22 years ago
Revise query parser so that it can rewrite from one bind syntax to another. Expose it as PDO_API. No drivers utilize this feature yet.
22 years ago
handle binding/quoting of queries for drivers with emulated prepares
22 years ago
Tweaks for win32
22 years ago
handle binding/quoting of queries for drivers with emulated prepares
22 years ago
  1. /*
  2. +----------------------------------------------------------------------+
  3. | PHP Version 5 |
  4. +----------------------------------------------------------------------+
  5. | Copyright (c) 1997-2004 The PHP Group |
  6. +----------------------------------------------------------------------+
  7. | This source file is subject to version 3.0 of the PHP license, |
  8. | that is bundled with this package in the file LICENSE, and is |
  9. | available through the world-wide-web at the following url: |
  10. | http://www.php.net/license/3_0.txt. |
  11. | If you did not receive a copy of the PHP license and are unable to |
  12. | obtain it through the world-wide-web, please send a note to |
  13. | license@php.net so we can mail you a copy immediately. |
  14. +----------------------------------------------------------------------+
  15. | Author: George Schlossnagle <george@omniti.com> |
  16. +----------------------------------------------------------------------+
  17. */
  19. /* $Id$ */
  21. #include "php.h"
  22. #include "php_pdo_driver.h"
  23. #include "php_pdo_int.h"
  25. #define PDO_PARSER_TEXT 1
  26. #define PDO_PARSER_BIND 2
  27. #define PDO_PARSER_BIND_POS 3
  28. #define PDO_PARSER_EOI 4
  30. #define RET(i) {s->cur = cursor; return i; }
  32. #define YYCTYPE char
  33. #define YYCURSOR cursor
  34. #define YYLIMIT s->lim
  35. #define YYMARKER s->ptr
  36. #define YYFILL(n)
  38. typedef struct Scanner {
  39. char *lim, *ptr, *cur, *tok;
  40. } Scanner;
  42. static int scan(Scanner *s)
  43. {
  44. char *cursor = s->cur;
  45. std:
  46. s->tok = cursor;
  47. /*!re2c
  48. BINDCHR = [:][a-zA-Z0-9_]+;
  49. QUESTION = [?];
  50. SPECIALS = [:?"'];
  51. ESCQQ = [\\]["];
  52. ESCQ = [\\]['];
  53. EOF = [\000];
  54. ANYNOEOF = [\001-\377];
  55. */
  57. /*!re2c
  58. (["] (ESCQQ|ANYNOEOF\[\\"])* ["]) { RET(PDO_PARSER_TEXT); }
  59. (['] (ESCQ|ANYNOEOF\[\\"])* [']) { RET(PDO_PARSER_TEXT); }
  60. BINDCHR { RET(PDO_PARSER_BIND); }
  61. QUESTION { RET(PDO_PARSER_BIND_POS); }
  62. SPECIALS { RET(PDO_PARSER_TEXT); }
  63. (ANYNOEOF\SPECIALS)+ { RET(PDO_PARSER_TEXT); }
  64. EOF { RET(PDO_PARSER_EOI); }
  65. */
  66. }
  68. struct placeholder {
  69. char *pos;
  70. int len;
  71. int bindno;
  72. int qlen; /* quoted length of value */
  73. char *quoted; /* quoted value */
  74. int freeq;
  75. struct placeholder *next;
  76. };
  78. PDO_API int pdo_parse_params(pdo_stmt_t *stmt, char *inquery, int inquery_len,
  79. char **outquery, int *outquery_len TSRMLS_DC)
  80. {
  81. Scanner s;
  82. char *ptr, *newbuffer;
  83. int t;
  84. int bindno = 0;
  85. int ret = 0;
  86. int newbuffer_len;
  87. HashTable *params;
  88. struct pdo_bound_param_data *param;
  89. int query_type = PDO_PLACEHOLDER_NONE;
  90. struct placeholder *placeholders = NULL, *placetail = NULL, *plc = NULL;
  92. ptr = *outquery;
  93. s.cur = inquery;
  94. s.lim = inquery + inquery_len;
  96. /* phase 1: look for args */
  97. while((t = scan(&s)) != PDO_PARSER_EOI) {
  98. if (t == PDO_PARSER_BIND || t == PDO_PARSER_BIND_POS) {
  99. if (t == PDO_PARSER_BIND) {
  100. query_type |= PDO_PLACEHOLDER_NAMED;
  101. } else {
  102. query_type |= PDO_PLACEHOLDER_POSITIONAL;
  103. }
  105. plc = emalloc(sizeof(*plc));
  106. memset(plc, 0, sizeof(*plc));
  107. plc->next = NULL;
  108. plc->pos = s.tok;
  109. plc->len = s.cur - s.tok;
  110. plc->bindno = bindno++;
  112. if (placetail) {
  113. placetail->next = plc;
  114. } else {
  115. placeholders = plc;
  116. }
  117. placetail = plc;
  118. }
  119. }
  121. if (bindno == 0) {
  122. /* nothing to do; good! */
  123. return 0;
  124. }
  126. /* did the query make sense to me? */
  127. if (query_type == (PDO_PLACEHOLDER_NAMED|PDO_PLACEHOLDER_POSITIONAL)) {
  128. /* they mixed both types; punt */
  129. pdo_raise_impl_error(stmt->dbh, stmt, "HY093", "mixed named and positional parameters" TSRMLS_CC);
  130. return -1;
  131. }
  133. if (stmt->supports_placeholders == query_type) {
  134. /* query matches native syntax */
  135. ret = 0;
  136. goto clean_up;
  137. }
  139. params = stmt->bound_params;
  141. /* Do we have placeholders but no bound params */
  142. if (bindno && !params && stmt->supports_placeholders == PDO_PLACEHOLDER_NONE) {
  143. pdo_raise_impl_error(stmt->dbh, stmt, "HY093", "no parameters were bound" TSRMLS_CC);
  144. ret = -1;
  145. goto clean_up;
  146. }
  148. /* what are we going to do ? */
  150. if (stmt->supports_placeholders == PDO_PLACEHOLDER_NONE) {
  151. /* query generation */
  153. newbuffer_len = inquery_len;
  155. /* let's quote all the values */
  156. for (plc = placeholders; plc; plc = plc->next) {
  157. if (query_type == PDO_PLACEHOLDER_POSITIONAL) {
  158. ret = zend_hash_index_find(params, plc->bindno, (void**) &param);
  159. } else {
  160. ret = zend_hash_find(params, plc->pos, plc->len, (void**) &param);
  161. }
  162. if (ret == FAILURE) {
  163. /* parameter was not defined */
  164. ret = -1;
  165. pdo_raise_impl_error(stmt->dbh, stmt, "HY093", "parameter was not defined" TSRMLS_CC);
  166. goto clean_up;
  167. }
  168. if (stmt->dbh->methods->quoter) {
  169. if (param->param_type == PDO_PARAM_LOB && Z_TYPE_P(param->parameter) == IS_RESOURCE) {
  170. php_stream *stm;
  172. php_stream_from_zval_no_verify(stm, &param->parameter);
  173. if (stm) {
  174. size_t len;
  175. char *buf = NULL;
  177. len = php_stream_copy_to_mem(stm, &buf, PHP_STREAM_COPY_ALL, 0);
  178. if (!stmt->dbh->methods->quoter(stmt->dbh, buf, len, &plc->quoted, &plc->qlen,
  179. param->param_type TSRMLS_CC)) {
  180. /* bork */
  181. ret = -1;
  182. strcpy(stmt->error_code, stmt->dbh->error_code);
  183. efree(buf);
  184. goto clean_up;
  185. }
  186. efree(buf);
  188. } else {
  189. pdo_raise_impl_error(stmt->dbh, stmt, "HY105", "Expected a stream resource" TSRMLS_CC);
  190. ret = -1;
  191. goto clean_up;
  192. }
  193. plc->freeq = 1;
  194. } else {
  195. switch (Z_TYPE_P(param->parameter)) {
  196. case IS_NULL:
  197. plc->quoted = "NULL";
  198. plc->qlen = sizeof("NULL")-1;
  199. plc->freeq = 0;
  200. break;
  202. case IS_BOOL:
  203. convert_to_long(param->parameter);
  204. case IS_LONG:
  205. case IS_DOUBLE:
  206. convert_to_string(param->parameter);
  207. plc->qlen = Z_STRLEN_P(param->parameter);
  208. plc->quoted = Z_STRVAL_P(param->parameter);
  209. plc->freeq = 0;
  210. break;
  212. default:
  213. convert_to_string(param->parameter);
  214. if (!stmt->dbh->methods->quoter(stmt->dbh, Z_STRVAL_P(param->parameter),
  215. Z_STRLEN_P(param->parameter), &plc->quoted, &plc->qlen,
  216. param->param_type TSRMLS_CC)) {
  217. /* bork */
  218. ret = -1;
  219. strcpy(stmt->error_code, stmt->dbh->error_code);
  220. goto clean_up;
  221. }
  222. plc->freeq = 1;
  223. }
  224. }
  225. } else {
  226. plc->quoted = Z_STRVAL_P(param->parameter);
  227. plc->qlen = Z_STRLEN_P(param->parameter);
  228. }
  229. newbuffer_len += plc->qlen;
  230. }
  232. rewrite:
  233. /* allocate output buffer */
  234. newbuffer = emalloc(newbuffer_len + 1);
  235. *outquery = newbuffer;
  237. /* and build the query */
  238. plc = placeholders;
  239. ptr = inquery;
  241. do {
  242. t = plc->pos - ptr;
  243. if (t) {
  244. memcpy(newbuffer, ptr, t);
  245. newbuffer += t;
  246. }
  247. memcpy(newbuffer, plc->quoted, plc->qlen);
  248. newbuffer += plc->qlen;
  249. ptr = plc->pos + plc->len;
  251. plc = plc->next;
  252. } while (plc);
  254. t = (inquery + inquery_len) - ptr;
  255. if (t) {
  256. memcpy(newbuffer, ptr, t);
  257. newbuffer += t;
  258. }
  259. *newbuffer = '\0';
  260. *outquery_len = newbuffer - *outquery;
  262. ret = 1;
  263. goto clean_up;
  265. } else if (query_type == PDO_PLACEHOLDER_POSITIONAL) {
  266. /* rewrite ? to :pdoX */
  267. char idxbuf[32];
  269. newbuffer_len = inquery_len;
  271. for (plc = placeholders; plc; plc = plc->next) {
  272. snprintf(idxbuf, sizeof(idxbuf), ":pdo%d", plc->bindno);
  273. plc->quoted = estrdup(idxbuf);
  274. plc->qlen = strlen(plc->quoted);
  275. plc->freeq = 1;
  276. newbuffer_len += plc->qlen;
  277. }
  279. goto rewrite;
  281. } else {
  282. /* rewrite :name to ? */
  284. newbuffer_len = inquery_len;
  286. if (stmt->bound_param_map == NULL) {
  287. ALLOC_HASHTABLE(stmt->bound_param_map);
  288. zend_hash_init(stmt->bound_param_map, 13, NULL, NULL, 0);
  289. }
  291. for (plc = placeholders; plc; plc = plc->next) {
  292. char *name;
  294. name = estrndup(plc->pos, plc->len);
  295. zend_hash_index_update(stmt->bound_param_map, plc->bindno, name, plc->len + 1, NULL);
  296. efree(name);
  297. plc->quoted = "?";
  298. plc->qlen = 1;
  299. }
  301. goto rewrite;
  302. }
  304. clean_up:
  306. while (placeholders) {
  307. plc = placeholders;
  308. placeholders = plc->next;
  310. if (plc->freeq) {
  311. efree(plc->quoted);
  312. }
  314. efree(plc);
  315. }
  317. return ret;
  318. }
  320. #if 0
  321. int old_pdo_parse_params(pdo_stmt_t *stmt, char *inquery, int inquery_len, char **outquery,
  322. int *outquery_len TSRMLS_DC)
  323. {
  324. Scanner s;
  325. char *ptr;
  326. int t;
  327. int bindno = 0;
  328. int newbuffer_len;
  329. int padding;
  330. HashTable *params = stmt->bound_params;
  331. struct pdo_bound_param_data *param;
  332. /* allocate buffer for query with expanded binds, ptr is our writing pointer */
  333. newbuffer_len = inquery_len;
  335. /* calculate the possible padding factor due to quoting */
  336. if(stmt->dbh->max_escaped_char_length) {
  337. padding = stmt->dbh->max_escaped_char_length;
  338. } else {
  339. padding = 3;
  340. }
  341. if(params) {
  342. zend_hash_internal_pointer_reset(params);
  343. while (SUCCESS == zend_hash_get_current_data(params, (void**)&param)) {
  344. if(param->parameter) {
  345. convert_to_string(param->parameter);
  346. /* accomodate a string that needs to be fully quoted
  347. bind placeholders are at least 2 characters, so
  348. the accomodate their own "'s
  349. */
  350. newbuffer_len += padding * Z_STRLEN_P(param->parameter);
  351. }
  352. zend_hash_move_forward(params);
  353. }
  354. }
  355. *outquery = (char *) emalloc(newbuffer_len + 1);
  356. *outquery_len = 0;
  358. ptr = *outquery;
  359. s.cur = inquery;
  360. s.lim = inquery + inquery_len;
  361. while((t = scan(&s)) != PDO_PARSER_EOI) {
  362. if(t == PDO_PARSER_TEXT) {
  363. memcpy(ptr, s.tok, s.cur - s.tok);
  364. ptr += (s.cur - s.tok);
  365. *outquery_len += (s.cur - s.tok);
  366. }
  367. else if(t == PDO_PARSER_BIND) {
  368. if(!params) {
  369. /* error */
  370. efree(*outquery);
  371. *outquery = NULL;
  372. return (int) (s.cur - inquery);
  373. }
  374. /* lookup bind first via hash and then index */
  375. /* stupid keys need to be null-terminated, even though we know their length */
  376. if((SUCCESS == zend_hash_find(params, s.tok, s.cur-s.tok,(void **)&param))
  377. ||
  378. (SUCCESS == zend_hash_index_find(params, bindno, (void **)&param)))
  379. {
  380. char *quotedstr;
  381. int quotedstrlen;
  382. /* restore the in-string key, doesn't need null-termination here */
  383. /* currently everything is a string here */
  385. /* quote the bind value if necessary */
  386. if(stmt->dbh->methods->quoter(stmt->dbh, Z_STRVAL_P(param->parameter),
  387. Z_STRLEN_P(param->parameter), &quotedstr, &quotedstrlen TSRMLS_CC))
  388. {
  389. memcpy(ptr, quotedstr, quotedstrlen);
  390. ptr += quotedstrlen;
  391. *outquery_len += quotedstrlen;
  392. efree(quotedstr);
  393. } else {
  394. memcpy(ptr, Z_STRVAL_P(param->parameter), Z_STRLEN_P(param->parameter));
  395. ptr += Z_STRLEN_P(param->parameter);
  396. *outquery_len += (Z_STRLEN_P(param->parameter));
  397. }
  398. }
  399. else {
  400. /* error and cleanup */
  401. efree(*outquery);
  402. *outquery = NULL;
  403. return (int) (s.cur - inquery);
  404. }
  405. bindno++;
  406. }
  407. else if(t == PDO_PARSER_BIND_POS) {
  408. if(!params) {
  409. /* error */
  410. efree(*outquery);
  411. *outquery = NULL;
  412. return (int) (s.cur - inquery);
  413. }
  414. /* lookup bind by index */
  415. if(SUCCESS == zend_hash_index_find(params, bindno, (void **)&param))
  416. {
  417. char *quotedstr;
  418. int quotedstrlen;
  419. /* currently everything is a string here */
  421. /* quote the bind value if necessary */
  422. if(stmt->dbh->methods->quoter(stmt->dbh, Z_STRVAL_P(param->parameter),
  423. Z_STRLEN_P(param->parameter), &quotedstr, &quotedstrlen TSRMLS_CC))
  424. {
  425. memcpy(ptr, quotedstr, quotedstrlen);
  426. ptr += quotedstrlen;
  427. *outquery_len += quotedstrlen;
  428. efree(quotedstr);
  429. } else {
  430. memcpy(ptr, Z_STRVAL_P(param->parameter), Z_STRLEN_P(param->parameter));
  431. ptr += Z_STRLEN_P(param->parameter);
  432. *outquery_len += (Z_STRLEN_P(param->parameter));
  433. }
  434. }
  435. else {
  436. /* error and cleanup */
  437. efree(*outquery);
  438. *outquery = NULL;
  439. return (int) (s.cur - inquery);
  440. }
  441. bindno++;
  442. }
  443. }
  444. *ptr = '\0';
  445. return 0;
  446. }
  447. #endif
  449. /*
  450. * Local variables:
  451. * tab-width: 4
  452. * c-basic-offset: 4
  453. * End:
  454. * vim600: noet sw=4 ts=4 fdm=marker ft=c
  455. * vim<600: noet sw=4 ts=4
  456. */