SqlPreprocessor: detects modes inside SQL string, before ?

dg · dg · commit 6dd5dda0daf7 · 2015-12-16T20:34:02.000+01:00
diff --git a/src/Database/SqlPreprocessor.php b/src/Database/SqlPreprocessor.php
@@ -66,7 +66,7 @@ public function process($params)
 				$this->arrayMode = NULL;
 				$res[] = Nette\Utils\Strings::replace(
 					$param,
-					'~\'[^\']*+\'|"[^"]*+"|\?[a-z]*|^\s*+(?:INSERT|REPLACE)\b|\b(?:SET|WHERE|HAVING|ORDER BY|GROUP BY|KEY UPDATE)(?=[\s?]*+\z)|/\*.*?\*/|--[^\n]*~si',
+					'~\'[^\']*+\'|"[^"]*+"|\?[a-z]*|^\s*+(?:INSERT|REPLACE)\b|\b(?:SET|WHERE|HAVING|ORDER BY|GROUP BY|KEY UPDATE)(?=\s*\z|\s*\?)|/\*.*?\*/|--[^\n]*~si',
 					[$this, 'callback']
 				);
 			} else {
diff --git a/tests/Database/SqlPreprocessor.phpt b/tests/Database/SqlPreprocessor.phpt
@@ -143,6 +143,19 @@ test(function () use ($preprocessor) { // ?order
 });
 
 
+test(function () use ($preprocessor) { // mix of where & order
+	list($sql, $params) = $preprocessor->process(['SELECT id FROM author WHERE ? ORDER BY ?', [
+		'id' => 1,
+		'web' => 'web',
+	], [
+		'name' => FALSE,
+	]]);
+
+	Assert::same(reformat("SELECT id FROM author WHERE ([id] = 1) AND ([web] = 'web') ORDER BY [name] DESC"), $sql);
+	Assert::same([], $params);
+});
+
+
 test(function () use ($preprocessor) { // missing parameters
 	Assert::exception(function () use ($preprocessor) {
 		$preprocessor->process(['SELECT id FROM author WHERE id =? OR id = ?', 11]);
