Static analysis of database access code is a real thing since phpstan-dba. Just stick to the rules and you will be covered:

use PDO;

class Foo
    public function fetchByAdaid(PDO $conn, int $adaid)
        $stmt = $pdo->prepare('SELECT email, adaid FROM ada WHERE adaid = ? and email = ?');

phpstan-dba will report

Query expects 2 placeholders, but 1 value is given.

The same is true for queries using named parameters:

use Doctrine\DBAL\Connection;

class Foo
    /** @return array{email: string, adaid: int} */
    public function fetchByEmail(Connection $conn, string $email)
        $query = 'SELECT email, adaid FROM ada WHERE email = :email');
        return $conn->fetchOne($query, ['wrongParamName' => $email]); 

phpstan-dba will report a few problems with this code:

Query expects placeholder :email, but it is missing from values given. Value :wrongParamName is given, but the query does not contain this placeholder.

Getting this kind of errors at static analysis time is a real time saver and helps you to spot errors in SQL queries early, without time consuming trial and error loops.

Read more

Please find more articles relatd to phpstan-dba and its featureset.

Found a bug? Please help improve this article.

Previous Post
Type inference for dynamic sql queries
Next Post
Check your sql queries for errors