doctrine · deeky666 · Jan 10, 2016 · Apr 26, 2015 · May 1, 2015 · deeky666
diff --git a/lib/Doctrine/DBAL/SQLParserUtils.php b/lib/Doctrine/DBAL/SQLParserUtils.php
@@ -32,7 +32,7 @@ class SQLParserUtils
     const NAMED_TOKEN      = '(?<!:):[a-zA-Z_][a-zA-Z0-9_]*';
 
     // Quote characters within string literals can be preceded by a backslash.
-    const ESCAPED_SINGLE_QUOTED_TEXT = "'(?:[^'\\\\]|\\\\'?)*'";
+    const ESCAPED_SINGLE_QUOTED_TEXT = "'(?:[^'\\\\]|\\\\'?|'')*'";
     const ESCAPED_DOUBLE_QUOTED_TEXT = '"(?:[^"\\\\]|\\\\"?)*"';
     const ESCAPED_BACKTICK_QUOTED_TEXT = '`(?:[^`\\\\]|\\\\`?)*`';
     const ESCAPED_BRACKET_QUOTED_TEXT = '\[(?:[^\]])*\]';

diff --git a/tests/Doctrine/Tests/DBAL/SQLParserUtilsTest.php b/tests/Doctrine/Tests/DBAL/SQLParserUtilsTest.php
@@ -59,6 +59,19 @@ public function dataGetPlaceholderPositions()
             array('SELECT foo::date as date FROM Foo WHERE bar > :start_date AND baz > :start_date', false, array(46 => 'start_date', 68 =>  'start_date')), // Ticket GH-259
             array('SELECT `d.ns:col_name` FROM my_table d WHERE `d.date` >= :param1', false, array(57 => 'param1')), // Ticket DBAL-552
             array('SELECT [d.ns:col_name] FROM my_table d WHERE [d.date] >= :param1', false, array(57 => 'param1')), // Ticket DBAL-552
+            array(
+<<<'SQLDATA'
+SELECT * FROM foo WHERE 
+bar = ':not_a_param1 ''":not_a_param2"'''
+OR bar=:a_param1
+OR bar=:a_param2||':not_a_param3'
+OR bar=':not_a_param4 '':not_a_param5'' :not_a_param6'
+OR bar=''
+OR bar=':a_param3
+SQLDATA
+                , false, array(74 => 'a_param1', 91 => 'a_param2', 191 => 'a_param3')
+            ),
+
         );
     }
 
@@ -340,6 +353,15 @@ public function dataExpandListParameters()
                 array(1, null),
                 array(\PDO::PARAM_INT, \PDO::PARAM_NULL)
             ),
+            // DBAL-1205 - Escaped single quotes SQL- and C-Style
+            array(
+                "SELECT * FROM Foo WHERE foo = :foo||''':not_a_param''\\'' OR bar = ''':not_a_param''\\'':bar",
+                array(':foo' => 1, ':bar' => 2),
+                array(':foo' => \PDO::PARAM_INT, 'bar' => \PDO::PARAM_INT),
+                'SELECT * FROM Foo WHERE foo = ?||\'\'\':not_a_param\'\'\\\'\' OR bar = \'\'\':not_a_param\'\'\\\'\'?',
+                array(1, 2),
+                array(\PDO::PARAM_INT, \PDO::PARAM_INT)
+            ),
         );
     }