Fix false-positive parameter validation error when query string is no…

…t resolvable (#630)
staabm · Sep 29, 2023 · ccabc0c · ccabc0c
1 parent 4154548
commit ccabc0c
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 2 deletions.
diff --git a/src/QueryReflection/PlaceholderValidation.php b/src/QueryReflection/PlaceholderValidation.php
@@ -28,6 +28,10 @@ public function checkQuery(Expr $queryExpr, Scope $scope, array $parameters): it
             }
         }
 
+        if ($queryStrings === []) {
+            return;
+        }
+
         if ($namedPlaceholders) {
             yield from $this->validateNamedPlaceholders($queryStrings, $parameters);
 
@@ -36,8 +40,8 @@ public function checkQuery(Expr $queryExpr, Scope $scope, array $parameters): it
 
         $minPlaceholderCount = PHP_INT_MAX;
         $maxPlaceholderCount = 0;
-        foreach ($queryStrings as $queryString) {
-            $placeholderCount = $queryReflection->countPlaceholders($queryString);
+        foreach ($queryStrings as $unnamedQueryString) {
+            $placeholderCount = $queryReflection->countPlaceholders($unnamedQueryString);
             if ($placeholderCount < $minPlaceholderCount) {
                 $minPlaceholderCount = $placeholderCount;
             }

diff --git a/tests/rules/data/placeholder-bug.php b/tests/rules/data/placeholder-bug.php
@@ -47,4 +47,12 @@ public function wrongMinBound(PDO $pdo)
         $stmt = $pdo->prepare('SELECT email, adaid FROM ada WHERE adaid = ? OR adaid = ? ');
         $stmt->execute([]);
     }
+
+    public function notResolvableQuery(PDO $pdo, $params)
+    {
+        $query ='SELECT email, adaid FROM ada WHERE email = ? '.$params;
+
+        $stmt = $pdo->prepare($query);
+        $stmt->execute(['hello world']);
+    }
 }