Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[6.x] Limit expected bindings v2 #35972

Merged
merged 3 commits into from Jan 21, 2021
+47 −12
Merged

[6.x] Limit expected bindings v2 #35972

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
9d3752c
Limit expected bindingx v2.
KaneCohen Jan 21, 2021
dbbb1c1
Update whereDay and whereYear to clean value.
KaneCohen Jan 21, 2021
c6b8168
Add limit bindings for having between + tests.
KaneCohen Jan 21, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
25 changes: 18 additions & 7 deletions src/Illuminate/Database/Query/Builder.php
View file
Open in desktop
Expand Up @@ -307,6 +307,17 @@ public function fromRaw($expression, $bindings = [])
return $this;
}

/**
* Returns scalar type value from an unknown type of input.
*
* @param mixed $value
* @return mixed
*/
protected function scalarValue($value)
{
return is_array($value) ? head(Arr::flatten($value)) : $value;
}

/**
* Creates a subquery and parse it.
*
Expand Down Expand Up @@ -698,7 +709,7 @@ public function where($column, $operator = null, $value = null, $boolean = 'and'
);

if (! $value instanceof Expression) {
$this->addBinding(is_array($value) ? head($value) : $value, 'where');
$this->addBinding($this->scalarValue($value), 'where');
}

return $this;
Expand Down Expand Up @@ -1043,7 +1054,7 @@ public function whereBetween($column, array $values, $boolean = 'and', $not = fa

$this->wheres[] = compact('type', 'column', 'values', 'boolean', 'not');

$this->addBinding(array_slice($this->cleanBindings($values), 0, 2), 'where');
$this->addBinding(array_slice($this->cleanBindings(Arr::flatten($values)), 0, 2), 'where');

return $this;
}
Expand Down Expand Up @@ -1111,7 +1122,7 @@ public function whereDate($column, $operator, $value = null, $boolean = 'and')
$value, $operator, func_num_args() === 2
);

$value = is_array($value) ? head($value) : $value;
$value = $this->scalarValue($value);

if ($value instanceof DateTimeInterface) {
$value = $value->format('Y-m-d');
Expand Down Expand Up @@ -1152,7 +1163,7 @@ public function whereTime($column, $operator, $value = null, $boolean = 'and')
$value, $operator, func_num_args() === 2
);

$value = is_array($value) ? head($value) : $value;
$value = $this->scalarValue($value);

if ($value instanceof DateTimeInterface) {
$value = $value->format('H:i:s');
Expand Down Expand Up @@ -1238,7 +1249,7 @@ public function whereMonth($column, $operator, $value = null, $boolean = 'and')
$value, $operator, func_num_args() === 2
);

$value = is_array($value) ? head($value) : $value;
$value = $this->scalarValue($value);

if ($value instanceof DateTimeInterface) {
$value = $value->format('m');
Expand Down Expand Up @@ -1593,7 +1604,7 @@ public function whereJsonLength($column, $operator, $value = null, $boolean = 'a
$this->wheres[] = compact('type', 'column', 'operator', 'value', 'boolean');

if (! $value instanceof Expression) {
$this->addBinding((int) $value);
$this->addBinding((int) $this->scalarValue($value));
Copy link
Contributor

@u01jmg3 u01jmg3 Jan 21, 2021
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this necessary as we are casting to an integer? I guess it could still help if an array is provided.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can’t really say. Casting an array into integer returns 1 - so there’s that. Really depends on what’s expected when one passes an array there.

}

return $this;
Expand Down Expand Up @@ -1742,7 +1753,7 @@ public function having($column, $operator = null, $value = null, $boolean = 'and
$this->havings[] = compact('type', 'column', 'operator', 'value', 'boolean');

if (! $value instanceof Expression) {
$this->addBinding(is_array($value) ? head($value) : $value, 'having');
$this->addBinding($this->scalarValue($value), 'having');
}

return $this;
Expand Down
5 changes: 5 additions & 0 deletions tests/Database/DatabaseQueryBuilderTest.php
View file
Open in desktop
Expand Up @@ -319,6 +319,11 @@ public function testWheresWithArrayValue()
$builder->select('*')->from('users')->where('id', '<>', [12, 30]);
$this->assertSame('select * from "users" where "id" <> ?', $builder->toSql());
$this->assertEquals([0 => 12], $builder->getBindings());

$builder = $this->getBuilder();
$builder->select('*')->from('users')->where('id', '=', [[12, 30]]);
$this->assertSame('select * from "users" where "id" = ?', $builder->toSql());
$this->assertEquals([0 => 12], $builder->getBindings());
}

public function testMySqlWrappingProtectsQuotationMarks()
Expand Down