From e878e0846861e7fe7f14e33d15240e603d007be1 Mon Sep 17 00:00:00 2001 From: Marc Reichel Date: Wed, 11 Mar 2026 11:11:13 +0100 Subject: [PATCH 1/5] #77 chore: Deprecate legacy methods in ConnectionInterface --- src/ConnectionInterface.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/ConnectionInterface.php b/src/ConnectionInterface.php index 1dfd3df2..0ca70460 100755 --- a/src/ConnectionInterface.php +++ b/src/ConnectionInterface.php @@ -43,7 +43,7 @@ interface ConnectionInterface extends DoctrineConnectionInterface * @throws QueryException * @return array> * - * @see fetchAllAssociative + * @deprecated Use {@see self::fetchAllAssociative()} instead. */ public function getPArray(string $query, array $params = [], ?int $start = null, ?int $end = null, bool $cache = true, array $escapes = []): array; @@ -61,7 +61,7 @@ public function getPArray(string $query, array $params = [], ?int $start = null, * @throws QueryException * @return array * - * @see fetchAssociative + * @deprecated Use {@see self::fetchAssociative()} instead. */ public function getPRow(string $query, array $params = [], int $number = 0, bool $cache = true, array $escapes = []): array; @@ -108,7 +108,8 @@ public function getGenerator(string $query, array $params = [], int $chunkSize = * @param list $escapes An array of booleans for each param, used to block the escaping of html-special chars. * If not passed, all params will be cleaned. * @throws QueryException - * @see executeStatement + * + * @deprecated Use {@see self::executeStatement()} instead. */ public function _pQuery(string $query, array $params = [], array $escapes = []): bool; From f65bdfca858b69620109f88a343782c58fbe5743 Mon Sep 17 00:00:00 2001 From: Marc Reichel Date: Wed, 11 Mar 2026 11:13:44 +0100 Subject: [PATCH 2/5] #77 fix: PHPStan --- src/Connection.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Connection.php b/src/Connection.php index a42310b8..a39d5ed8 100755 --- a/src/Connection.php +++ b/src/Connection.php @@ -1222,7 +1222,7 @@ public function getCacheSize(): int * An internal wrapper to dbsafeString, used to process a complete array of parameters * as used by prepared statements. * - * @param array $params + * @param array $params * @param list|false $escapes An array of boolean for each param, used to block the escaping of html-special chars. * If not passed, all params will be cleaned. * From 2e9257a21ed4cc27ab114ecf34d06020b24aac9d Mon Sep 17 00:00:00 2001 From: Marc Reichel Date: Wed, 11 Mar 2026 11:21:22 +0100 Subject: [PATCH 3/5] #77 fix: PHPStan --- src/Connection.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Connection.php b/src/Connection.php index a39d5ed8..0136a49f 100755 --- a/src/Connection.php +++ b/src/Connection.php @@ -1226,7 +1226,7 @@ public function getCacheSize(): int * @param list|false $escapes An array of boolean for each param, used to block the escaping of html-special chars. * If not passed, all params will be cleaned. * - * @return list + * @return list * * @see Db::dbsafeString($string, $htmlSpecialChars = true) */ From d49dcf353aed706102e5d0260a1a484427179808 Mon Sep 17 00:00:00 2001 From: Marc Reichel Date: Wed, 11 Mar 2026 11:30:19 +0100 Subject: [PATCH 4/5] #77 fix: PHPStan --- src/Connection.php | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/src/Connection.php b/src/Connection.php index 0136a49f..460c99e6 100755 --- a/src/Connection.php +++ b/src/Connection.php @@ -1226,7 +1226,7 @@ public function getCacheSize(): int * @param list|false $escapes An array of boolean for each param, used to block the escaping of html-special chars. * If not passed, all params will be cleaned. * - * @return list + * @return list * * @see Db::dbsafeString($string, $htmlSpecialChars = true) */ @@ -1246,6 +1246,10 @@ private function dbsafeParams(array $params, array | false $escapes = []): array continue; } + if ($param instanceof EscapeableParameterInterface) { + continue; + } + if ($escapes !== false) { if (isset($escapes[$key])) { $param = $this->dbsafeString($param, $escapes[$key], false); @@ -1263,7 +1267,11 @@ private function dbsafeParams(array $params, array | false $escapes = []): array /** * Makes a string db-safe. * - * @return ($input is float ? float : ($input is int ? int : ($input is bool ? int<0,1> : ($input is null ? null : ($input is scalar ? string : mixed))))) + * @template T + * + * @param T $input + * + * @return ($input is float ? float : ($input is int ? int : ($input is bool ? int<0,1> : ($input is null ? null : ($input is scalar ? string : ($input is Stringable ? string : T)))))) * @deprecated we need to get rid of this */ public function dbsafeString(mixed $input, bool $htmlSpecialChars = true, bool $addSlashes = true): mixed @@ -1285,6 +1293,10 @@ public function dbsafeString(mixed $input, bool $htmlSpecialChars = true, bool $ return $input; } + if ($input instanceof Stringable) { + return (string) $input; + } + // escape special chars if (is_scalar($input) && $htmlSpecialChars) { $input = html_entity_decode((string) $input, ENT_COMPAT, 'UTF-8'); From 80e893432dcc7cfd8ef525e7338c17d036e96b9f Mon Sep 17 00:00:00 2001 From: Marc Reichel Date: Wed, 11 Mar 2026 11:30:51 +0100 Subject: [PATCH 5/5] #77 fix: PHPStan --- src/EscapeableParameterInterface.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/EscapeableParameterInterface.php b/src/EscapeableParameterInterface.php index 9a2709f1..623d6122 100644 --- a/src/EscapeableParameterInterface.php +++ b/src/EscapeableParameterInterface.php @@ -13,8 +13,14 @@ namespace Artemeon\Database; +use Stringable; + interface EscapeableParameterInterface { public function isEscape(): bool; + + /** + * @return scalar|Stringable|null + */ public function getValue(): mixed; }