Comments (8)
I have tracked it down to
http://us3.php.net/manual/en/regexp.reference.subpatterns.php: "The maximum
number of captured substrings is 99, and the maximum number of all subpatterns,
both capturing and non-capturing, is 200." So the following string is the
smallest that will trigger a crash/timeout:
$test = str_repeat('0',202);
$sql = "'$test'";
And it's caused specifically by the tokenizer, as the following stand-alone
code demonstrates (it will hang if you run it):
$test = str_repeat('0',201);
$sql = "'$test'";
$sql = str_replace(array('\\\'','\\"',"\r\n","\n","()"),array("''",'""'," ","
"," "), $sql);
$regex=<<<EOREGEX
/(`(?:[^`]|``)`|[@A-Za-z0-9_.`-]+(?:\(\s*\)){0,1})
|(\+|-|\*|\/|!=|>=|<=|<>|>|<|&&|\|\||=|\^)
|(\(.*?\)) # Match FUNCTION(...) OR BAREWORDS
|('(?:[^']|'')*'+)
|("(?:[^"]|"")*"+)
|([^ ,]+)
/ix
EOREGEX
;
$tokens = preg_split($regex, $sql,-1, PREG_SPLIT_NO_EMPTY |
PREG_SPLIT_DELIM_CAPTURE);
Original comment by [email protected]
on 20 Oct 2011 at 3:35
from php-sql-parser.
Whoops that should read:
$test = str_repeat('0',202);
In the second stand-alone example.
Original comment by [email protected]
on 20 Oct 2011 at 3:35
from php-sql-parser.
Here's a simple fix. In the $regex in the parser (~line 168) in split_sql,
change the ' and " parts to have a + after the character classes:
|('(?:[^']+|'')*'+)
|("(?:[^"]+|"")*"+)
^ note the added '+' on both lines
This will cause everything inside the string and between '' and "" delimiters
to be immediately combined into a single match instead of each separate matches
thereby quickly reaching the 200 limit. Of course this will still break if you
have more than 200 context switches between data, '', data, '', etc. but
hopefully that should happen very, very, very rarely :-)
Hope this helps!
Original comment by [email protected]
on 20 Oct 2011 at 3:41
from php-sql-parser.
I can confirm that this exists and comment #3
(http://code.google.com/p/php-sql-parser/issues/detail?id=11#c3) does indeed
fix the issue.
Original comment by [email protected]
on 13 Jan 2012 at 2:28
from php-sql-parser.
solution (comment #3) added to current version on
http://www.phosco.info/php-sql-parser_current.zip
Original comment by [email protected]
on 2 Feb 2012 at 8:25
from php-sql-parser.
@[email protected]
Not added to current version- Current version has
|('(?:[^']|'')*'+)
|("(?:[^"]|"a")*"+)
Whereas solution has
|('(?:[^']+|'')*'+)
|("(?:[^"]+|"")*"+)
Original comment by [email protected]
on 5 Mar 2012 at 10:29
from php-sql-parser.
I have added a test with the code provided by jonny and it works. I have
changed the regular expression, so perhaps it works without your changes. Can
you provide a test code, which doesn't work?
Try the repository on https://www.phosco.info/publicsvn/php-sql-parser
I have no commit rights on the original codebase, so I have to provide the
changes on my own SVN.
Original comment by [email protected]
on 5 Mar 2012 at 12:08
from php-sql-parser.
Accepted fixed codebase.
Original comment by [email protected]
on 12 Mar 2012 at 9:54
- Changed state: Fixed
from php-sql-parser.
Related Issues (20)
- Unable to install using composer without svn binary HOT 4
- Use semantic versioning for tags/releases HOT 1
- Missing commas in reference builder HOT 4
- Upper case for AliasBuilder HOT 1
- Fails on comments HOT 3
- Creator can't handle SubQuery in Where clause HOT 2
- PHP Error when parsing SQL containing the REPLACE function HOT 6
- IFNULL(<Column Name>,<Value>) doesn't parsed properly HOT 1
- Can not calculate position of query exception HOT 8
- Position for CLAUSES HOT 8
- Unable to parse large complicated query (parenthesis problem)
- UNION Issues
- Fatal Error, undefined method HOT 1
- Alias for a function without parameters forgotten
- Parser throws uninitialized offsets warning when "REPLACE" MySQL function used in SELECT clause
- join with to_number in on clause HOT 1
- Keywords problem
- Problem with parser and datatables
- Export project to Github HOT 2
- If condition contains alias name , the type is returned as function
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from php-sql-parser.