re-added prepared statement usage

Author: k00ni

src/PDOSQLiteAdapter.php

@@ -289,15 +289,15 @@ public function getNumberOfRows($sql)
         return $rowCount;
     }
 
-    public function simpleQuery(string $sql): bool
+    public function simpleQuery(string $sql, array $params = []): bool
     {
         // save query
         $this->queries[] = [
             'query' => $sql,
             'by_function' => 'simpleQuery',
         ];
 
-        $stmt = $this->db->prepare($sql);
+        $stmt = $this->db->prepare($sql, $params);
         $stmt->execute();
         $this->lastRowCount = $stmt->rowCount();
         $stmt->closeCursor();
@@ -345,21 +345,24 @@ public function insert(string $table, array $data): int
         $sql .= ') VALUES (';
 
         // add placeholders for each value; collect values
-        $values = [];
+        $placeholders = [];
+        $params = [];
         foreach ($data as $v) {
-            $values[] = '"'.$v.'"';
+            $placeholders[] = '?';
+            $params[] = $v;
         }
-        $sql .= implode(', ', $values);
+        $sql .= implode(', ', $placeholders);
 
         $sql .= ')';
 
         /*
          * SQL looks like the following now:
-         *
-         *      INSERT INTO foo (foo) ("bar")
+         *      INSERT INTO foo (bar) (?)
          */
 
-        $this->exec($sql);
+        // Setup and run prepared statement
+        $stmt = $this->db->prepare($sql);
+        $stmt->execute($params);
 
         return $this->db->lastInsertId();
     }

src/Rdf/Literal.php

@@ -32,10 +32,17 @@ public function __construct(
         ?string $datatype = null
     ) {
         $this->value = $value;
-        // TODO later check with feedback on
-        // https://github.com/sweetrdf/rdfInterface/issues/14
-        $this->lang = !empty($lang) ? $lang : null;
-        $this->datatype = $datatype ?? NamespaceHelper::NAMESPACE_XSD.'string';
+
+        /*
+         * @see https://www.w3.org/TR/rdf11-concepts/#section-Graph-Literal
+         */
+        if (!empty($lang)) {
+            $this->lang = $lang;
+            $this->datatype = 'http://www.w3.org/1999/02/22-rdf-syntax-ns#langString';
+        } else {
+            $this->lang = null;
+            $this->datatype = $datatype ?? NamespaceHelper::NAMESPACE_XSD.'string';
+        }
     }
 
     public function __toString(): string

src/Store/QueryHandler/DeleteQueryHandler.php

@@ -170,7 +170,7 @@ private function cleanTableReferences()
                                 LEFT JOIN g2t G ON G.t = T.t
                             WHERE G.t IS NULL';
             $sql .= ')';
-            $this->store->getDBObject()->simpleQuery($sql);
+            $this->store->getDBObject()->exec($sql);
         }
         /* check for unconnected graph refs */
         if ((1 == rand(1, 10))) {
@@ -185,7 +185,7 @@ private function cleanTableReferences()
                     LEFT JOIN triple T ON (T.t = G.t)
                     WHERE T.t IS NULL
                 ';
-                $this->store->getDBObject()->simpleQuery($sql);
+                $this->store->getDBObject()->exec($sql);
             }
         }
     }

src/Store/QueryHandler/LoadQueryHandler.php

@@ -349,9 +349,9 @@ public function checkSQLBuffers($force_write = 0, $reset_id_buffers = 0)
         foreach (['triple', 'g2t', 'id2val', 's2val', 'o2val'] as $tbl) {
             $buffer_size = isset($this->sql_buffers[$tbl]) ? 1 : 0;
             if ($buffer_size && $force_write) {
-                $this->store->getDBObject()->simpleQuery($this->sql_buffers[$tbl]);
+                $this->store->getDBObject()->exec($this->sql_buffers[$tbl]);
                 /* table error */
-                $error = $this->store->getDBObject()->getErrorMessage();
+                $this->store->getDBObject()->getErrorMessage();
                 unset($this->sql_buffers[$tbl]);
 
                 /* reset term id buffers */

src/Store/QueryHandler/SelectQueryHandler.php

@@ -33,7 +33,7 @@ public function runQuery($infos)
         $r = $this->getFinalQueryResult($q_sql, $tmp_tbl);
 
         /* remove intermediate results */
-        $this->store->getDBObject()->simpleQuery('DROP TABLE IF EXISTS '.$tmp_tbl);
+        $this->store->getDBObject()->exec('DROP TABLE IF EXISTS '.$tmp_tbl);
 
         return $r;
     }

tests/Integration/Rdf/TermsTest.php

@@ -23,6 +23,11 @@ public static function getDataFactory(): iDataFactory
         return new DataFactory();
     }
 
+    public function testLiteralFactory(): void
+    {
+        $this->markTestSkipped('Skipped for now. Wait until feedback/merge of https://github.com/sweetrdf/rdfInterface/pull/17.');
+    }
+
     public function testLiteralWith(): void
     {
         $this->markTestSkipped('Function to test not implemented yet.');

tests/Integration/Store/InMemoryStoreSqlite/Query/InsertIntoQueryTest.php

@@ -624,6 +624,15 @@ public function testMultipleInsertQueriesInDifferentGraphs()
         $this->assertEquals(3, \count($res['result']['rows']));
     }
 
+    public function testValueEscape()
+    {
+        $this->subjectUnderTest->query('INSERT INTO <http://graph1/> {<http://foo/1> <http://foo/2> \'"foobar";\' . }');
+        $this->subjectUnderTest->query('INSERT INTO <http://graph1/> {<http://foo/1> <http://foo/2> "\'foobar2\'" . }');
+
+        $res = $this->subjectUnderTest->query('SELECT * FROM <http://graph1/> WHERE {?s ?p ?o.}');
+        $this->assertEquals(2, \count($res['result']['rows']));
+    }
+
     /**
      * Adds bulk of triples to test behavior.
      * May take at least one second to finish.