From 087a134b50fe73458a88def5f225edbd2ffa43d5 Mon Sep 17 00:00:00 2001 From: Felipe Pena Date: Sat, 4 Jun 2011 22:54:40 +0000 Subject: [PATCH] - Fixed bug #54929 (Parse error with single quote in sql comment) --- NEWS | 1 + ext/pdo/pdo_sql_parser.c | 229 ++++++++++++++++++++++-------- ext/pdo/pdo_sql_parser.re | 4 +- ext/pdo_mysql/tests/bug54929.phpt | 74 ++++++++++ 4 files changed, 246 insertions(+), 62 deletions(-) create mode 100644 ext/pdo_mysql/tests/bug54929.phpt diff --git a/NEWS b/NEWS index 9f1a977a5c..f5ee7ea956 100644 --- a/NEWS +++ b/NEWS @@ -118,6 +118,7 @@ PHP NEWS and range). (nihen at megabbs dot com, Andrey) - PDO extension: + . Fixed bug #54929 (Parse error with single quote in sql comment). (Felipe) . Fixed bug #52104 (bindColumn creates Warning regardless of ATTR_ERRMODE settings). (Ilia) diff --git a/ext/pdo/pdo_sql_parser.c b/ext/pdo/pdo_sql_parser.c index 7a30a3178a..47e28d36f0 100644 --- a/ext/pdo/pdo_sql_parser.c +++ b/ext/pdo/pdo_sql_parser.c @@ -1,4 +1,4 @@ -/* Generated by re2c 0.13.6.dev on Thu Nov 13 14:47:06 2008 */ +/* Generated by re2c 0.13.5 on Sat Jun 4 18:42:25 2011 */ #line 1 "ext/pdo/pdo_sql_parser.re" /* +----------------------------------------------------------------------+ @@ -30,7 +30,7 @@ #define PDO_PARSER_EOI 4 #define RET(i) {s->cur = cursor; return i; } -#define SKIP_ONE(i) {s->cur = s->tok + 1; return 1; } +#define SKIP_ONE(i) {s->cur = s->tok + 1; return i; } #define YYCTYPE unsigned char #define YYCURSOR cursor @@ -47,35 +47,40 @@ static int scan(Scanner *s) char *cursor = s->cur; s->tok = cursor; - #line 55 "ext/pdo/pdo_sql_parser.re" + #line 56 "ext/pdo/pdo_sql_parser.re" #line 55 "ext/pdo/pdo_sql_parser.c" { YYCTYPE yych; + unsigned int yyaccept = 0; if ((YYLIMIT - YYCURSOR) < 2) YYFILL(2); yych = *YYCURSOR; switch (yych) { - case 0x00: goto yy11; + case 0x00: goto yy13; case '"': goto yy2; case '\'': goto yy4; + case '-': goto yy10; + case '/': goto yy8; case ':': goto yy5; case '?': goto yy6; - default: goto yy8; + default: goto yy11; } yy2: + yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych >= 0x01) goto yy26; + if (yych >= 0x01) goto yy43; yy3: -#line 63 "ext/pdo/pdo_sql_parser.re" +#line 64 "ext/pdo/pdo_sql_parser.re" { SKIP_ONE(PDO_PARSER_TEXT); } -#line 75 "ext/pdo/pdo_sql_parser.c" +#line 79 "ext/pdo/pdo_sql_parser.c" yy4: + yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); if (yych <= 0x00) goto yy3; - goto yy20; + goto yy37; yy5: yych = *++YYCURSOR; switch (yych) { @@ -141,57 +146,156 @@ yy5: case 'w': case 'x': case 'y': - case 'z': goto yy16; + case 'z': goto yy33; case ':': - case '?': goto yy13; + case '?': goto yy30; default: goto yy3; } yy6: ++YYCURSOR; switch ((yych = *YYCURSOR)) { case ':': - case '?': goto yy13; + case '?': goto yy30; default: goto yy7; } yy7: -#line 62 "ext/pdo/pdo_sql_parser.re" +#line 63 "ext/pdo/pdo_sql_parser.re" { RET(PDO_PARSER_BIND_POS); } -#line 160 "ext/pdo/pdo_sql_parser.c" +#line 165 "ext/pdo/pdo_sql_parser.c" yy8: + ++YYCURSOR; + switch ((yych = *YYCURSOR)) { + case '*': goto yy20; + default: goto yy12; + } +yy9: +#line 66 "ext/pdo/pdo_sql_parser.re" + { RET(PDO_PARSER_TEXT); } +#line 175 "ext/pdo/pdo_sql_parser.c" +yy10: + yych = *++YYCURSOR; + switch (yych) { + case '-': goto yy15; + default: goto yy12; + } +yy11: ++YYCURSOR; if (YYLIMIT <= YYCURSOR) YYFILL(1); yych = *YYCURSOR; +yy12: switch (yych) { case 0x00: case '"': case '\'': case ':': - case '?': goto yy10; - default: goto yy8; + case '?': goto yy9; + default: goto yy11; } -yy10: -#line 64 "ext/pdo/pdo_sql_parser.re" - { RET(PDO_PARSER_TEXT); } -#line 176 "ext/pdo/pdo_sql_parser.c" -yy11: +yy13: ++YYCURSOR; -#line 65 "ext/pdo/pdo_sql_parser.re" +#line 67 "ext/pdo/pdo_sql_parser.re" { RET(PDO_PARSER_EOI); } -#line 181 "ext/pdo/pdo_sql_parser.c" -yy13: +#line 199 "ext/pdo/pdo_sql_parser.c" +yy15: ++YYCURSOR; if (YYLIMIT <= YYCURSOR) YYFILL(1); yych = *YYCURSOR; switch (yych) { + case 0x00: + case '"': + case '\'': case ':': - case '?': goto yy13; + case '?': goto yy18; + case '\n': + case '\r': goto yy11; default: goto yy15; } -yy15: -#line 60 "ext/pdo/pdo_sql_parser.re" +yy17: +#line 65 "ext/pdo/pdo_sql_parser.re" + { RET(PDO_PARSER_TEXT); } +#line 217 "ext/pdo/pdo_sql_parser.c" +yy18: + ++YYCURSOR; + if (YYLIMIT <= YYCURSOR) YYFILL(1); + yych = *YYCURSOR; + switch (yych) { + case '\n': + case '\r': goto yy17; + default: goto yy18; + } +yy20: + yyaccept = 1; + YYMARKER = ++YYCURSOR; + if (YYLIMIT <= YYCURSOR) YYFILL(1); + yych = *YYCURSOR; + switch (yych) { + case 0x00: + case '"': + case '\'': + case ':': + case '?': goto yy22; + case '*': goto yy24; + default: goto yy20; + } +yy22: + ++YYCURSOR; + if (YYLIMIT <= YYCURSOR) YYFILL(1); + yych = *YYCURSOR; + switch (yych) { + case '*': goto yy27; + default: goto yy22; + } +yy24: + yyaccept = 1; + YYMARKER = ++YYCURSOR; + if ((YYLIMIT - YYCURSOR) < 2) YYFILL(2); + yych = *YYCURSOR; + switch (yych) { + case 0x00: + case '"': + case '\'': + case ':': + case '?': goto yy22; + case '*': goto yy24; + case '/': goto yy26; + default: goto yy20; + } +yy26: + yych = *++YYCURSOR; + switch (yych) { + case 0x00: + case '"': + case '\'': + case ':': + case '?': goto yy17; + default: goto yy11; + } +yy27: + ++YYCURSOR; + if (YYLIMIT <= YYCURSOR) YYFILL(1); + yych = *YYCURSOR; + switch (yych) { + case '*': goto yy27; + case '/': goto yy29; + default: goto yy22; + } +yy29: + yych = *++YYCURSOR; + goto yy17; +yy30: + ++YYCURSOR; + if (YYLIMIT <= YYCURSOR) YYFILL(1); + yych = *YYCURSOR; + switch (yych) { + case ':': + case '?': goto yy30; + default: goto yy32; + } +yy32: +#line 61 "ext/pdo/pdo_sql_parser.re" { RET(PDO_PARSER_TEXT); } -#line 194 "ext/pdo/pdo_sql_parser.c" -yy16: +#line 298 "ext/pdo/pdo_sql_parser.c" +yy33: ++YYCURSOR; if (YYLIMIT <= YYCURSOR) YYFILL(1); yych = *YYCURSOR; @@ -258,62 +362,65 @@ yy16: case 'w': case 'x': case 'y': - case 'z': goto yy16; - default: goto yy18; + case 'z': goto yy33; + default: goto yy35; } -yy18: -#line 61 "ext/pdo/pdo_sql_parser.re" +yy35: +#line 62 "ext/pdo/pdo_sql_parser.re" { RET(PDO_PARSER_BIND); } -#line 268 "ext/pdo/pdo_sql_parser.c" -yy19: +#line 372 "ext/pdo/pdo_sql_parser.c" +yy36: ++YYCURSOR; if (YYLIMIT <= YYCURSOR) YYFILL(1); yych = *YYCURSOR; -yy20: +yy37: switch (yych) { - case 0x00: goto yy21; - case '\'': goto yy23; - case '\\': goto yy22; - default: goto yy19; + case 0x00: goto yy38; + case '\'': goto yy40; + case '\\': goto yy39; + default: goto yy36; } -yy21: +yy38: YYCURSOR = YYMARKER; - goto yy3; -yy22: + switch (yyaccept) { + case 0: goto yy3; + case 1: goto yy9; + } +yy39: ++YYCURSOR; if (YYLIMIT <= YYCURSOR) YYFILL(1); yych = *YYCURSOR; - if (yych <= 0x00) goto yy21; - goto yy19; -yy23: + if (yych <= 0x00) goto yy38; + goto yy36; +yy40: ++YYCURSOR; -#line 59 "ext/pdo/pdo_sql_parser.re" +#line 60 "ext/pdo/pdo_sql_parser.re" { RET(PDO_PARSER_TEXT); } -#line 293 "ext/pdo/pdo_sql_parser.c" -yy25: +#line 400 "ext/pdo/pdo_sql_parser.c" +yy42: ++YYCURSOR; if (YYLIMIT <= YYCURSOR) YYFILL(1); yych = *YYCURSOR; -yy26: +yy43: switch (yych) { - case 0x00: goto yy21; - case '"': goto yy28; - case '\\': goto yy27; - default: goto yy25; + case 0x00: goto yy38; + case '"': goto yy45; + case '\\': goto yy44; + default: goto yy42; } -yy27: +yy44: ++YYCURSOR; if (YYLIMIT <= YYCURSOR) YYFILL(1); yych = *YYCURSOR; - if (yych <= 0x00) goto yy21; - goto yy25; -yy28: + if (yych <= 0x00) goto yy38; + goto yy42; +yy45: ++YYCURSOR; -#line 58 "ext/pdo/pdo_sql_parser.re" +#line 59 "ext/pdo/pdo_sql_parser.re" { RET(PDO_PARSER_TEXT); } -#line 315 "ext/pdo/pdo_sql_parser.c" +#line 422 "ext/pdo/pdo_sql_parser.c" } -#line 66 "ext/pdo/pdo_sql_parser.re" +#line 68 "ext/pdo/pdo_sql_parser.re" } diff --git a/ext/pdo/pdo_sql_parser.re b/ext/pdo/pdo_sql_parser.re index a9956db87f..bb7af3575d 100644 --- a/ext/pdo/pdo_sql_parser.re +++ b/ext/pdo/pdo_sql_parser.re @@ -28,7 +28,7 @@ #define PDO_PARSER_EOI 4 #define RET(i) {s->cur = cursor; return i; } -#define SKIP_ONE(i) {s->cur = s->tok + 1; return 1; } +#define SKIP_ONE(i) {s->cur = s->tok + 1; return i; } #define YYCTYPE unsigned char #define YYCURSOR cursor @@ -48,6 +48,7 @@ static int scan(Scanner *s) /*!re2c BINDCHR = [:][a-zA-Z0-9_]+; QUESTION = [?]; + COMMENTS = ("/*"([^*]+|[*]+[^/*])*[*]*"*/"|"--"[^\r\n]*); SPECIALS = [:?"']; MULTICHAR = [:?]; EOF = [\000]; @@ -61,6 +62,7 @@ static int scan(Scanner *s) BINDCHR { RET(PDO_PARSER_BIND); } QUESTION { RET(PDO_PARSER_BIND_POS); } SPECIALS { SKIP_ONE(PDO_PARSER_TEXT); } + COMMENTS { RET(PDO_PARSER_TEXT); } (ANYNOEOF\SPECIALS)+ { RET(PDO_PARSER_TEXT); } EOF { RET(PDO_PARSER_EOI); } */ diff --git a/ext/pdo_mysql/tests/bug54929.phpt b/ext/pdo_mysql/tests/bug54929.phpt new file mode 100644 index 0000000000..29fb44182b --- /dev/null +++ b/ext/pdo_mysql/tests/bug54929.phpt @@ -0,0 +1,74 @@ +--TEST-- +Bug #54929 (Parse error with single quote in sql comment (pdo-mysql)) +--SKIPIF-- + +--FILE-- +prepare($query); + + if (!$stmt->execute(array("foo"))) { + var_dump($stmt->errorInfo()); + } else{ + var_dump($stmt->fetch(PDO::FETCH_ASSOC)); + } +} + +testQuery("/* ' */ select ? as f1 /* ' */"); +testQuery("/* '-- */ select ? as f1 /* *' */"); +testQuery("/* ' */ select ? as f1 --';"); +testQuery("/* ' */ select ? as f1 -- 'a;"); +testQuery("/*'**/ select ? as f1 /* ' */"); +testQuery("/*'***/ select ? as f1 /* ' */"); +testQuery("/*'**a ***b / **** +****** +**/ select ? as f1 /* ' */"); + +?> +--EXPECTF-- +array(1) { + ["f1"]=> + string(3) "foo" +} +array(1) { + ["f1"]=> + string(3) "foo" +} + +Warning: PDOStatement::execute(): SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '--'' at line 1 in %s on line %d +array(3) { + [0]=> + string(5) "42000" + [1]=> + int(1064) + [2]=> + string(149) "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '--'' at line 1" +} +array(1) { + ["f1"]=> + string(3) "foo" +} +array(1) { + ["f1"]=> + string(3) "foo" +} +array(1) { + ["f1"]=> + string(3) "foo" +} +array(1) { + ["f1"]=> + string(3) "foo" +} -- 2.40.0