Merge pull request #6750 from michalsn/fix/preparedQuery

kenjis · web-flow · commit 0e3d5cc608e9 · 2022-11-01T08:10:41.000+09:00
fix: BasePreparedQuery class to return boolean values for write-type queries
diff --git a/system/Database/BasePreparedQuery.php b/system/Database/BasePreparedQuery.php
@@ -111,28 +111,74 @@ abstract public function _prepare(string $sql, array $options = []);
      * Takes a new set of data and runs it against the currently
      * prepared query. Upon success, will return a Results object.
      *
-     * @return ResultInterface
+     * @return bool|ResultInterface
+     *
+     * @throws DatabaseException
      */
     public function execute(...$data)
     {
         // Execute the Query.
         $startTime = microtime(true);
 
         try {
-            $this->_execute($data);
-        } catch (ArgumentCountError|ErrorException $e) {
-            throw new DatabaseException($e->getMessage(), $e->getCode(), $e);
+            $exception = null;
+            $result    = $this->_execute($data);
+        } catch (ArgumentCountError|ErrorException $exception) {
+            $result = false;
         }
 
         // Update our query object
         $query = clone $this->query;
         $query->setBinds($data);
 
+        if ($result === false) {
+            $query->setDuration($startTime, $startTime);
+
+            // This will trigger a rollback if transactions are being used
+            if ($this->db->transDepth !== 0) {
+                $this->db->transStatus = false;
+            }
+
+            if ($this->db->DBDebug) {
+                // We call this function in order to roll-back queries
+                // if transactions are enabled. If we don't call this here
+                // the error message will trigger an exit, causing the
+                // transactions to remain in limbo.
+                while ($this->db->transDepth !== 0) {
+                    $transDepth = $this->db->transDepth;
+                    $this->db->transComplete();
+
+                    if ($transDepth === $this->db->transDepth) {
+                        log_message('error', 'Database: Failure during an automated transaction commit/rollback!');
+                        break;
+                    }
+                }
+
+                // Let others do something with this query.
+                Events::trigger('DBQuery', $query);
+
+                if ($exception !== null) {
+                    throw new DatabaseException($exception->getMessage(), $exception->getCode(), $exception);
+                }
+
+                return false;
+            }
+
+            // Let others do something with this query.
+            Events::trigger('DBQuery', $query);
+
+            return false;
+        }
+
         $query->setDuration($startTime);
 
         // Let others do something with this query
         Events::trigger('DBQuery', $query);
 
+        if ($this->db->isWriteType($query)) {
+            return true;
+        }
+
         // Return a result object
         $resultClass = str_replace('PreparedQuery', 'Result', static::class);
 
diff --git a/system/Database/MySQLi/PreparedQuery.php b/system/Database/MySQLi/PreparedQuery.php
@@ -15,6 +15,7 @@
 use CodeIgniter\Database\BasePreparedQuery;
 use CodeIgniter\Database\Exceptions\DatabaseException;
 use mysqli;
+use mysqli_sql_exception;
 use mysqli_stmt;
 
 /**
@@ -33,10 +34,8 @@ class PreparedQuery extends BasePreparedQuery
      *
      * @param array $options Passed to the connection's prepare statement.
      *                       Unused in the MySQLi driver.
-     *
-     * @return mixed
      */
-    public function _prepare(string $sql, array $options = [])
+    public function _prepare(string $sql, array $options = []): PreparedQuery
     {
         // Mysqli driver doesn't like statements
         // with terminating semicolons.
@@ -81,11 +80,19 @@ public function _execute(array $data): bool
         // Bind it
         $this->statement->bind_param($bindTypes, ...$data);
 
-        return $this->statement->execute();
+        try {
+            return $this->statement->execute();
+        } catch (mysqli_sql_exception $e) {
+            if ($this->db->DBDebug) {
+                throw new DatabaseException($e->getMessage(), $e->getCode(), $e);
+            }
+
+            return false;
+        }
     }
 
     /**
-     * Returns the result object for the prepared query.
+     * Returns the result object for the prepared query or false on failure.
      *
      * @return mixed
      */
@@ -95,7 +102,7 @@ public function _getResult()
     }
 
     /**
-     * Deallocate prepared statements
+     * Deallocate prepared statements.
      */
     protected function _close(): bool
     {
diff --git a/system/Database/OCI8/PreparedQuery.php b/system/Database/OCI8/PreparedQuery.php
@@ -43,10 +43,8 @@ class PreparedQuery extends BasePreparedQuery
      *
      * @param array $options Passed to the connection's prepare statement.
      *                       Unused in the OCI8 driver.
-     *
-     * @return mixed
      */
-    public function _prepare(string $sql, array $options = [])
+    public function _prepare(string $sql, array $options = []): PreparedQuery
     {
         if (! $this->statement = oci_parse($this->db->connID, $this->parameterize($sql))) {
             $error             = oci_error($this->db->connID);
@@ -73,11 +71,8 @@ public function _execute(array $data): bool
             throw new BadMethodCallException('You must call prepare before trying to execute a prepared statement.');
         }
 
-        $lastKey = 0;
-
         foreach (array_keys($data) as $key) {
             oci_bind_by_name($this->statement, ':' . $key, $data[$key]);
-            $lastKey = $key;
         }
 
         $result = oci_execute($this->statement, $this->db->commitMode);
@@ -90,7 +85,7 @@ public function _execute(array $data): bool
     }
 
     /**
-     * Returns the result object for the prepared query.
+     * Returns the statement resource for the prepared query or false when preparing failed.
      *
      * @return mixed
      */
@@ -100,7 +95,7 @@ public function _getResult()
     }
 
     /**
-     * Deallocate prepared statements
+     * Deallocate prepared statements.
      */
     protected function _close(): bool
     {
diff --git a/system/Database/Postgre/PreparedQuery.php b/system/Database/Postgre/PreparedQuery.php
@@ -51,11 +51,9 @@ class PreparedQuery extends BasePreparedQuery
      * @param array $options Passed to the connection's prepare statement.
      *                       Unused in the MySQLi driver.
      *
-     * @return mixed
-     *
      * @throws Exception
      */
-    public function _prepare(string $sql, array $options = [])
+    public function _prepare(string $sql, array $options = []): PreparedQuery
     {
         $this->name = (string) random_int(1, 10_000_000_000_000_000);
 
@@ -93,7 +91,7 @@ public function _execute(array $data): bool
     }
 
     /**
-     * Returns the result object for the prepared query.
+     * Returns the result object for the prepared query or false on failure.
      *
      * @return mixed
      */
@@ -103,7 +101,7 @@ public function _getResult()
     }
 
     /**
-     * Deallocate prepared statements
+     * Deallocate prepared statements.
      */
     protected function _close(): bool
     {
diff --git a/system/Database/PreparedQueryInterface.php b/system/Database/PreparedQueryInterface.php
@@ -25,7 +25,7 @@ interface PreparedQueryInterface
      * Takes a new set of data and runs it against the currently
      * prepared query. Upon success, will return a Results object.
      *
-     * @return ResultInterface
+     * @return bool|ResultInterface
      */
     public function execute(...$data);
 
diff --git a/system/Database/SQLSRV/PreparedQuery.php b/system/Database/SQLSRV/PreparedQuery.php
@@ -14,7 +14,6 @@
 use BadMethodCallException;
 use CodeIgniter\Database\BasePreparedQuery;
 use CodeIgniter\Database\Exceptions\DatabaseException;
-use Exception;
 
 /**
  * Prepared query for Postgre
@@ -51,11 +50,9 @@ public function __construct(Connection $db)
      *
      * @param array $options Options takes an associative array;
      *
-     * @return mixed
-     *
-     * @throws Exception
+     * @throws DatabaseException
      */
-    public function _prepare(string $sql, array $options = [])
+    public function _prepare(string $sql, array $options = []): PreparedQuery
     {
         // Prepare parameters for the query
         $queryString = $this->getQueryString();
@@ -112,15 +109,15 @@ public function _getResult()
     }
 
     /**
-     * Deallocate prepared statements
+     * Deallocate prepared statements.
      */
     protected function _close(): bool
     {
         return sqlsrv_free_stmt($this->statement);
     }
 
     /**
-     * Handle parameters
+     * Handle parameters.
      */
     protected function parameterize(string $queryString): array
     {
diff --git a/system/Database/SQLite3/PreparedQuery.php b/system/Database/SQLite3/PreparedQuery.php
@@ -40,10 +40,8 @@ class PreparedQuery extends BasePreparedQuery
      *
      * @param array $options Passed to the connection's prepare statement.
      *                       Unused in the MySQLi driver.
-     *
-     * @return $this
      */
-    public function _prepare(string $sql, array $options = [])
+    public function _prepare(string $sql, array $options = []): PreparedQuery
     {
         if (! ($this->statement = $this->db->connID->prepare($sql))) {
             $this->errorCode   = $this->db->connID->lastErrorCode();
@@ -87,7 +85,7 @@ public function _execute(array $data): bool
     }
 
     /**
-     * Returns the result object for the prepared query.
+     * Returns the result object for the prepared query or false on failure.
      *
      * @return mixed
      */
@@ -97,7 +95,7 @@ public function _getResult()
     }
 
     /**
-     * Deallocate prepared statements
+     * Deallocate prepared statements.
      */
     protected function _close(): bool
     {
diff --git a/tests/system/Database/Live/PreparedQueryTest.php b/tests/system/Database/Live/PreparedQueryTest.php
diff --git a/user_guide_src/source/changelogs/v4.3.0.rst b/user_guide_src/source/changelogs/v4.3.0.rst
diff --git a/user_guide_src/source/database/queries.rst b/user_guide_src/source/database/queries.rst

Original file line number	Diff line number	Diff line change
`@@ -43,10 +43,8 @@ class PreparedQuery extends BasePreparedQuery`
`43`	`43`	`*`
`44`	`44`	`* @param array $options Passed to the connection's prepare statement.`
`45`	`45`	`* Unused in the OCI8 driver.`
`46`		`- *`
`47`		`- * @return mixed`
`48`	`46`	`*/`
`49`		`- public function _prepare(string $sql, array $options = [])`
	`47`	`+ public function _prepare(string $sql, array $options = []): PreparedQuery`
`50`	`48`	`{`
`51`	`49`	`if (! $this->statement = oci_parse($this->db->connID, $this->parameterize($sql))) {`
`52`	`50`	`$error = oci_error($this->db->connID);`
`@@ -73,11 +71,8 @@ public function _execute(array $data): bool`
`73`	`71`	`throw new BadMethodCallException('You must call prepare before trying to execute a prepared statement.');`
`74`	`72`	`}`
`75`	`73`
`76`		`- $lastKey = 0;`
`77`		`-`
`78`	`74`	`foreach (array_keys($data) as $key) {`
`79`	`75`	`oci_bind_by_name($this->statement, ':' . $key, $data[$key]);`
`80`		`- $lastKey = $key;`
`81`	`76`	`}`
`82`	`77`
`83`	`78`	`$result = oci_execute($this->statement, $this->db->commitMode);`
`@@ -90,7 +85,7 @@ public function _execute(array $data): bool`
`90`	`85`	`}`
`91`	`86`
`92`	`87`	`/**`
`93`		`- * Returns the result object for the prepared query.`
	`88`	`+ * Returns the statement resource for the prepared query or false when preparing failed.`
`94`	`89`	`*`
`95`	`90`	`* @return mixed`
`96`	`91`	`*/`
`@@ -100,7 +95,7 @@ public function _getResult()`
`100`	`95`	`}`
`101`	`96`
`102`	`97`	`/**`
`103`		`- * Deallocate prepared statements`
	`98`	`+ * Deallocate prepared statements.`
`104`	`99`	`*/`
`105`	`100`	`protected function _close(): bool`
`106`	`101`	`{`
Original file line number	Diff line number	Diff line change
`@@ -51,11 +51,9 @@ class PreparedQuery extends BasePreparedQuery`
`51`	`51`	`* @param array $options Passed to the connection's prepare statement.`
`52`	`52`	`* Unused in the MySQLi driver.`
`53`	`53`	`*`
`54`		`- * @return mixed`
`55`		`- *`
`56`	`54`	`* @throws Exception`
`57`	`55`	`*/`
`58`		`- public function _prepare(string $sql, array $options = [])`
	`56`	`+ public function _prepare(string $sql, array $options = []): PreparedQuery`
`59`	`57`	`{`
`60`	`58`	`$this->name = (string) random_int(1, 10_000_000_000_000_000);`
`61`	`59`
`@@ -93,7 +91,7 @@ public function _execute(array $data): bool`
`93`	`91`	`}`
`94`	`92`
`95`	`93`	`/**`
`96`		`- * Returns the result object for the prepared query.`
	`94`	`+ * Returns the result object for the prepared query or false on failure.`
`97`	`95`	`*`
`98`	`96`	`* @return mixed`
`99`	`97`	`*/`
`@@ -103,7 +101,7 @@ public function _getResult()`
`103`	`101`	`}`
`104`	`102`
`105`	`103`	`/**`
`106`		`- * Deallocate prepared statements`
	`104`	`+ * Deallocate prepared statements.`
`107`	`105`	`*/`
`108`	`106`	`protected function _close(): bool`
`109`	`107`	`{`
Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,7 @@ interface PreparedQueryInterface`
`25`	`25`	`* Takes a new set of data and runs it against the currently`
`26`	`26`	`* prepared query. Upon success, will return a Results object.`
`27`	`27`	`*`
`28`		`- * @return ResultInterface`
	`28`	`+ * @return bool\|ResultInterface`
`29`	`29`	`*/`
`30`	`30`	`public function execute(...$data);`
`31`	`31`
Original file line number	Diff line number	Diff line change
`@@ -14,7 +14,6 @@`
`14`	`14`	`use BadMethodCallException;`
`15`	`15`	`use CodeIgniter\Database\BasePreparedQuery;`
`16`	`16`	`use CodeIgniter\Database\Exceptions\DatabaseException;`
`17`		`-use Exception;`
`18`	`17`
`19`	`18`	`/**`
`20`	`19`	`* Prepared query for Postgre`
`@@ -51,11 +50,9 @@ public function __construct(Connection $db)`
`51`	`50`	`*`
`52`	`51`	`* @param array $options Options takes an associative array;`
`53`	`52`	`*`
`54`		`- * @return mixed`
`55`		`- *`
`56`		`- * @throws Exception`
	`53`	`+ * @throws DatabaseException`
`57`	`54`	`*/`
`58`		`- public function _prepare(string $sql, array $options = [])`
	`55`	`+ public function _prepare(string $sql, array $options = []): PreparedQuery`
`59`	`56`	`{`
`60`	`57`	`// Prepare parameters for the query`
`61`	`58`	`$queryString = $this->getQueryString();`
`@@ -112,15 +109,15 @@ public function _getResult()`
`112`	`109`	`}`
`113`	`110`
`114`	`111`	`/**`
`115`		`- * Deallocate prepared statements`
	`112`	`+ * Deallocate prepared statements.`
`116`	`113`	`*/`
`117`	`114`	`protected function _close(): bool`
`118`	`115`	`{`
`119`	`116`	`return sqlsrv_free_stmt($this->statement);`
`120`	`117`	`}`
`121`	`118`
`122`	`119`	`/**`
`123`		`- * Handle parameters`
	`120`	`+ * Handle parameters.`
`124`	`121`	`*/`
`125`	`122`	`protected function parameterize(string $queryString): array`
`126`	`123`	`{`
Original file line number	Diff line number	Diff line change
`@@ -40,10 +40,8 @@ class PreparedQuery extends BasePreparedQuery`
`40`	`40`	`*`
`41`	`41`	`* @param array $options Passed to the connection's prepare statement.`
`42`	`42`	`* Unused in the MySQLi driver.`
`43`		`- *`
`44`		`- * @return $this`
`45`	`43`	`*/`
`46`		`- public function _prepare(string $sql, array $options = [])`
	`44`	`+ public function _prepare(string $sql, array $options = []): PreparedQuery`
`47`	`45`	`{`
`48`	`46`	`if (! ($this->statement = $this->db->connID->prepare($sql))) {`
`49`	`47`	`$this->errorCode = $this->db->connID->lastErrorCode();`
`@@ -87,7 +85,7 @@ public function _execute(array $data): bool`
`87`	`85`	`}`
`88`	`86`
`89`	`87`	`/**`
`90`		`- * Returns the result object for the prepared query.`
	`88`	`+ * Returns the result object for the prepared query or false on failure.`
`91`	`89`	`*`
`92`	`90`	`* @return mixed`
`93`	`91`	`*/`
`@@ -97,7 +95,7 @@ public function _getResult()`
`97`	`95`	`}`
`98`	`96`
`99`	`97`	`/**`
`100`		`- * Deallocate prepared statements`
	`98`	`+ * Deallocate prepared statements.`
`101`	`99`	`*/`
`102`	`100`	`protected function _close(): bool`
`103`	`101`	`{`