Documentation

PreparedSQLSniff extends Sniff uses WPDBTrait

Final: Yes

Sniff for prepared SQL.

Makes sure that variables aren't directly interpolated into SQL statements.

Tags
link
https://developer.wordpress.org/coding-standards/wordpress-coding-standards/php/#formatting-sql-statements
since
0.8.0
since
0.13.0

Class name changed: this class is now namespaced.

since
1.0.0

This sniff has been moved from the WP category to the DB category.

Table of Contents

Properties

$end  : int
The loop end marker.
$i  : int
A loop pointer.
$methods  : array<string, bool>
The lists of $wpdb methods.
$phpcsFile  : File
The current file being sniffed.
$tokens  : array<string|int, mixed>
The list of tokens in the current file being sniffed.
$ignored_tokens  : array<string|int, mixed>
Tokens that we don't flag when they are found in a $wpdb method call.
$SQLAutoEscapedFunctions  : array<string, bool>
Functions whose output is automatically escaped for use in SQL queries.
$SQLEscapingFunctions  : array<string, bool>
Functions that escape values for use in SQL queries.

Methods

process()  : int|void
Set sniff properties and hand off to child class for processing of the token.
process_token()  : int|void
Processes this test, when one of its tokens is encountered.
register()  : array<string|int, mixed>
Returns an array of tokens this test wants to listen for.
is_wpdb_method_call()  : bool
Checks whether this is a call to a $wpdb method that we want to sniff.

Properties

$end

The loop end marker.

protected int $end

It is a property so that we can access it in all of our methods.

Tags
since
0.9.0

$i

A loop pointer.

protected int $i

It is a property so that we can access it in all of our methods.

Tags
since
0.9.0

$methods

The lists of $wpdb methods.

protected array<string, bool> $methods = array('get_var' => true, 'get_col' => true, 'get_row' => true, 'get_results' => true, 'prepare' => true, 'query' => true)
Tags
since
0.8.0
since
0.11.0

Changed from static to non-static.

$phpcsFile

The current file being sniffed.

protected File $phpcsFile
Tags
since
0.4.0

$tokens

The list of tokens in the current file being sniffed.

protected array<string|int, mixed> $tokens
Tags
since
0.4.0

$ignored_tokens

Tokens that we don't flag when they are found in a $wpdb method call.

private array<string|int, mixed> $ignored_tokens = array(\T_STRING_CONCAT => true, \T_CONSTANT_ENCAPSED_STRING => true, \T_COMMA => true, \T_LNUMBER => true, \T_DNUMBER => true, \T_NS_SEPARATOR => true)

This token array is augmented from within the register() method.

Tags
since
0.9.0
since
3.0.0

The property visibility has changed from protected to private.

$SQLAutoEscapedFunctions

Functions whose output is automatically escaped for use in SQL queries.

private array<string, bool> $SQLAutoEscapedFunctions = array('count' => true)
Tags
since
0.9.0
since
0.11.0

Changed from public static to protected non-static.

since
3.0.0
  • Moved from the Sniff class to this class.
  • The property visibility has changed from protected to private.

$SQLEscapingFunctions

Functions that escape values for use in SQL queries.

private array<string, bool> $SQLEscapingFunctions = array('absint' => true, 'esc_sql' => true, 'floatval' => true, 'intval' => true, 'like_escape' => true)
Tags
since
0.9.0
since
0.11.0

Changed from public static to protected non-static.

since
3.0.0
  • Moved from the Sniff class to this class.
  • The property visibility has changed from protected to private.
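
How the properties above play out on calling code, as an added illustration (not code from WordPressCS). It assumes a WordPress context where the global $wpdb is available; $id, $status and $title are hypothetical variables holding request-derived values.

```php
<?php
// Added illustration, not part of WordPressCS. $id, $status and $title are
// hypothetical variables standing in for untrusted input.
global $wpdb;

// --- Expected to be reported by the sniff ---

// A variable interpolated into a double-quoted SQL string.
$wpdb->get_var( "SELECT post_title FROM $wpdb->posts WHERE ID = $id" );

// A variable concatenated into the query. The concatenation operator and the
// string literals are in $ignored_tokens; the bare variable is not.
$wpdb->query( "DELETE FROM $wpdb->posts WHERE post_status = '" . $status . "'" );

// 'prepare' is itself in $methods, so interpolating into its query string is
// reported even though a placeholder is used for the other value.
$wpdb->get_row(
	$wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE ID = $id AND post_status = %s", $status )
);

// --- Expected to pass ---

// Only a $wpdb property is interpolated; values are bound through placeholders.
$wpdb->get_row(
	$wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE ID = %d AND post_status = %s", $id, $status )
);

// absint() is in $SQLEscapingFunctions, so the whole call is skipped.
$wpdb->get_var( "SELECT post_title FROM $wpdb->posts WHERE ID = " . absint( $id ) );

// esc_sql() is also listed. The sniff matches on the function name only, so
// keeping the escaped value inside quotes in the SQL remains the author's job.
$wpdb->get_results(
	"SELECT ID FROM $wpdb->posts WHERE post_title = '" . esc_sql( $title ) . "'"
);

// count() is in $SQLAutoEscapedFunctions: its integer result needs no escaping.
$wpdb->get_results( "SELECT ID FROM $wpdb->posts LIMIT " . count( $title ) );
```

Passing the sniff means the query text matches an accepted pattern; it does not check that a listed escaping function is the right one for the position the value occupies in the statement.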

Methods

process()

Set sniff properties and hand off to child class for processing of the token.

public process(File $phpcsFile, int $stackPtr) : int|void
Parameters
$phpcsFile : File

The file being scanned.

$stackPtr : int

The position of the current token in the stack passed in $tokens.

Tags
since
0.11.0
Return values
int|void

Integer stack pointer to skip forward or void to continue normal file processing.

process_token()

Processes this test, when one of its tokens is encountered.

public process_token(int $stackPtr) : int|void
Parameters
$stackPtr : int

The position of the current token in the stack.

Tags
since
0.8.0
Return values
int|void

Integer stack pointer to skip forward or void to continue normal file processing.

register()

Returns an array of tokens this test wants to listen for.

public register() : array<string|int, mixed>
Tags
since
0.8.0
Return values
array<string|int, mixed>

is_wpdb_method_call()

Checks whether this is a call to a $wpdb method that we want to sniff.

protected final is_wpdb_method_call(File $phpcsFile, int $stackPtr, array<string|int, mixed> $target_methods) : bool

If available in the class using this trait, the $methodPtr, $i and $end properties are automatically set to correspond to the start and end of the method call. The $i property is also set if this is not a method call but rather the use of a $wpdb property.

Parameters
$phpcsFile : File

The file being scanned.

$stackPtr : int

The index of the $wpdb variable.

$target_methods : array<string|int, mixed>

Array of methods. Key(s) should be method name in lowercase.

Tags
since
0.8.0
since
0.9.0

The return value is now always boolean. The $end and $i member vars are automatically updated.

since
0.14.0

Moved this method from the PreparedSQL sniff to the base WP sniff.

since
3.0.0
  • Moved from the Sniff class to this dedicated Trait.
  • The $phpcsFile parameter was added.

Return values
bool

Whether this is a $wpdb method call.


        