coder_review/includes/coder_review_sql.inc

   1 <?php
   2
   3 /**
   4  * @file
   5  * This include file implements coder functionality for SQL strings
   6  */
   7
   8 /**
   9  * Implements hook_reviews().
  10  */
  11 function coder_review_sql_reviews() {
  12   $table = '\{[A-Za-z_]+\}'; // table-regex
  13   $bad = '[A-Za-z_]+';
  14   $rules = array(
  15     // NOTE: this doesn't catch all non-upper case keywords, but is a good start
  16     array(
  17       '#type' => 'regex',
  18       '#value' => '^(select\s+.*\s+from\s+' . $table . '|insert\s+into\s+' . $table . '|update\s+' . $table . '\s+set|delete\s+from\s+' . $table . ')',
  19       '#source' => 'quote',
  20       '#warning' => 'SQL keywords should be upper case',
  21       '#case-sensitive' => TRUE,
  22       '#severity' => 'minor'
  23     ),
  24     array(
  25       '#type' => 'regex',
  26       '#value' => '^(select\s+.*\s+from\s+' . $bad . '|insert\s+into\s+' . $bad . '|update\s+' . $bad . '\s+set|delete\s+from\s' . $bad . ')',
  27       '#source' => 'quote',
  28       '#warning' => 'table names should be enclosed in {curly_brackets}',
  29       '#severity' => 'critical',
  30     ),
  31     array(
  32       '#type' => 'regex',
  33       '#value' => '^(select\s+.*\s+from\s+' . $table . '|insert\s+into\s+' . $table . '|update\s+' . $table . '\s+set|delete\s+from\s' . $table . ')\s+.*[Ll][Ii][Mm][Ii][Tt]\s[0-9]+',
  34       '#source' => 'quote',
  35       '#warning_callback' => '_coder_review_sql_db_query_range_warning',
  36     ),
  37     array(
  38       '#type' => 'regex',
  39       '#value' => '^(select\s+.*\s+from\s+' . $table . '|update\s+' . $table . '\s+set|delete\s+from\s' . $table . ')\s+.*!=',
  40       '#source' => 'quote',
  41       '#warning' => 'Use ANSI standard <> instead of !=',
  42     ),
  43     array(
  44       '#type' => 'regex',
  45       '#value' => '^(select\s+.*\s+from\s+' . $table . '\s+.+?=\s*`|insert\s+into\s+' . $table . '\s+.*?VALUES\s*(\(\s*`|\(.*?,\s*`)|update\s+' . $table . '\s+set\s+.*?=\s*`|delete\s+from\s' . $table . '\s+.*?=\s*`)',
  46       '#source' => 'quote',
  47       '#warning' => "Don't use back ticks to quote values as it is not compliant with ANSI SQL"
  48     ),
  49     array(
  50       '#type' => 'regex',
  51       '#source' => 'allphp',
  52       '#value' => 'db_query\s*\(\s*[\'"]select\s+count\s*\(\s*\*\s*\)\s+from\s+',
  53       '#warning_callback' => '_coder_review_sql_select_count_warning',
  54       '#severity' => 'minor',
  55     ),
  56   );
  57   $review = array(
  58     '#title' => t('Drupal SQL Standards'),
  59     '#rules' => $rules,
  60     '#description' => t('new review, so use with caution'),
  61   );
  62   return array('sql' => $review);
  63 }
  64
  65 /**
  66  * Define the warning callbacks
  67  */
  68
  69 function _coder_review_sql_db_query_range_warning() {
  70   return array(
  71     '#warning' => t('Use !db_query_range() instead of the SQL LIMIT clause',
  72       array(
  73         '!db_query_range' => theme('drupalapi', array('function' => 'db_query_range')),
  74       )
  75     ),
  76     '#link' => 'http://drupal.org/node/1395',
  77   );
  78 }
  79
  80 function _coder_review_sql_select_count_warning() {
  81   return array(
  82     '#warning' => t('You may not want to use SELECT COUNT(*), if all you want to do is check for the existance of any rows, rather than the actual number of rows.'),
  83     '#link' => 'http://drupal.org/node/224333#select_count',
  84   );
  85 }
  86