fix: support PDOStatement subclasses in PdoStatementExecuteMethodRule (#773)

Co-authored-by: Etienne V. Labelle <evaillancourt@vaielab.com>
Co-authored-by: Markus Staab <markus.staab@redaxo.de>

Author: 3 people

src/Rules/PdoStatementExecuteMethodRule.php

@@ -15,6 +15,7 @@
 use PHPStan\Type\Constant\ConstantArrayType;
 use PHPStan\Type\Constant\ConstantIntegerType;
 use PHPStan\Type\Constant\ConstantStringType;
+use PHPStan\Type\ObjectType;
 use staabm\PHPStanDba\PdoReflection\PdoStatementReflection;
 use staabm\PHPStanDba\QueryReflection\PlaceholderValidation;
 use staabm\PHPStanDba\QueryReflection\QueryReflection;
@@ -38,16 +39,17 @@ public function processNode(Node $methodCall, Scope $scope): array
             return [];
         }
 
-        $methodReflection = $scope->getMethodReflection($scope->getType($methodCall->var), $methodCall->name->toString());
+        $varType = $scope->getType($methodCall->var);
+        $methodReflection = $scope->getMethodReflection($varType, $methodCall->name->toString());
         if (null === $methodReflection) {
             return [];
         }
 
-        if (PDOStatement::class !== $methodReflection->getDeclaringClass()->getName()) {
+        if ('execute' !== strtolower($methodReflection->getName())) {
             return [];
         }
 
-        if ('execute' !== strtolower($methodReflection->getName())) {
+        if (! (new ObjectType(PDOStatement::class))->isSuperTypeOf($varType)->yes()) {
             return [];
         }
 

tests/default/Fixture/MyPdoStatement.php

@@ -0,0 +1,13 @@
+<?php
+
+declare(strict_types=1);
+
+namespace staabm\PHPStanDba\Tests\Fixture;
+
+class MyPdoStatement extends \PDOStatement
+{
+    public function execute(?array $params = null): bool
+    {
+        return parent::execute($params);
+    }
+}

tests/rules/PdoStatementExecuteMethodRuleTest.php

@@ -131,4 +131,22 @@ public function testPlaceholderBug(): void
             ],
         ]);
     }
+
+    public function testSubclassedPdoStatement(): void
+    {
+        $this->analyse([__DIR__ . '/data/pdo-stmt-execute-subclassed.php'], [
+            [
+                'Query expects placeholder :adaid, but it is missing from values given.',
+                14,
+            ],
+            [
+                'Value :wrongParamName is given, but the query does not contain this placeholder.',
+                14,
+            ],
+            [
+                'Query expects placeholder :adaid, but it is missing from values given.',
+                18,
+            ],
+        ]);
+    }
 }

tests/rules/data/pdo-stmt-execute-subclassed.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace PdoStatementExecuteSubclassedMethodRuleTest;
+
+use PDO;
+use staabm\PHPStanDba\Tests\Fixture\MyPdoStatement;
+
+class Foo
+{
+    public function errors(PDO $pdo): void
+    {
+        $stmt = $pdo->prepare('SELECT email, adaid FROM ada WHERE adaid = :adaid');
+        assert($stmt instanceof MyPdoStatement);
+        $stmt->execute(['wrongParamName' => 1]); // error: wrong param name
+
+        $stmt = $pdo->prepare('SELECT email, adaid FROM ada WHERE adaid = :adaid');
+        assert($stmt instanceof MyPdoStatement);
+        $stmt->execute(); // error: missing parameter
+    }
+
+    public function noErrors(PDO $pdo): void
+    {
+        $stmt = $pdo->prepare('SELECT email, adaid FROM ada WHERE adaid = :adaid');
+        assert($stmt instanceof MyPdoStatement);
+        $stmt->execute(['adaid' => 1]); // correct
+    }
+}