Merge pull request #681 from cosmocode/SQL-placeholders

Use named parameters in SQL queries

Author: annda

_test/QueryBuilderTest.php

@@ -23,29 +23,4 @@ public function test_join()
         $qb->addLeftJoin('second', 'fourth', 'fourth', 'second.foo=fourth.foo');
         $this->assertEquals(['first', 'second', 'fourth', 'third'], array_keys($qb->from));
     }
-
-    public function test_placeholders()
-    {
-        $qb = new QueryBuilder();
-
-
-        $foo = $qb->addValue('foo');
-        $bar = $qb->addValue('bar');
-
-        $input = "this is $foo and $bar and $foo again";
-        $expect = "this is ? and ? and ? again";
-        $values = ['foo', 'bar', 'foo'];
-
-        $output = $qb->fixPlaceholders($input);
-
-        $this->assertEquals($expect, $output[0]);
-        $this->assertEquals($values, $output[1]);
-    }
-
-    public function test_placeholderfail()
-    {
-        $this->expectException(StructException::class);
-        $qb = new QueryBuilder();
-        $qb->fixPlaceholders('this has unknown placeholder :!!val7!!:');
-    }
 }

_test/StructTest.php

@@ -111,7 +111,7 @@ protected function getLang($key)
      */
     protected function cleanWS($string)
     {
-        return preg_replace('/\s+/s', '', $string);
+        return preg_replace(['/\s+/s', '/\:val(\d{1,3})/'], ['', '?'], $string);
     }
 
     /**

_test/mock/QueryBuilder.php

@@ -8,18 +8,13 @@ class QueryBuilder extends meta\QueryBuilder
 {
     public $from;
 
-    public function fixPlaceholders($sql)
-    {
-        return parent::fixPlaceholders($sql);
-    }
-
     /**
      * for debugging where statements
      *
      * @return array ($sql, $opts)
      */
     public function getWhereSQL()
     {
-        return $this->fixPlaceholders($this->filters()->toSQL());
+        return [$this->filters()->toSQL(), array_values($this->values)];
     }
 }

meta/QueryBuilder.php

@@ -183,7 +183,7 @@ public function addValue($value)
         static $count = 0;
         $count++;
 
-        $placeholder = ":!!val$count!!:"; // sqlite plugin does not support named parameters, yet so we have simulate it
+        $placeholder = ":val$count";
         $this->values[$placeholder] = $value;
         return $placeholder;
     }
@@ -241,33 +241,7 @@ public function getSQL()
                 'ORDER BY ' . implode(",\n", $this->orderby) . "\n";
         }
 
-        return $this->fixPlaceholders($sql);
-    }
-
-    /**
-     * Replaces the named placeholders with ? placeholders
-     *
-     * Until the sqlite plugin can use named placeholder properly
-     *
-     * @param string $sql
-     * @return array
-     */
-    protected function fixPlaceholders($sql)
-    {
-        $vals = [];
-
-        while (preg_match('/(:!!val\d+!!:)/', $sql, $m)) {
-            $pl = $m[1];
-
-            if (!array_key_exists($pl, $this->values)) {
-                throw new StructException('Placeholder not found');
-            }
-
-            $sql = preg_replace("/$pl/", '?', $sql, 1);
-            $vals[] = $this->values[$pl];
-        }
-
-        return [$sql, $vals];
+        return [$sql, array_values($this->values)];
     }
 
     /**