From a4fadb218b938aa7314a7eef2220b1dba616be04 Mon Sep 17 00:00:00 2001
From: Marcin Kurczewski <mkurczew@gmail.com>
Date: Sun, 23 Feb 2014 09:54:06 +0100
Subject: [PATCH] Fixed binding too many values to PDO statements

---
 src/Database.php          | 28 +++++++++++++++-------------
 src/Sql/SqlExpression.php | 15 ++++++---------
 2 files changed, 21 insertions(+), 22 deletions(-)

diff --git a/src/Database.php b/src/Database.php
index 3e528dbb..974d5dc3 100644
--- a/src/Database.php
+++ b/src/Database.php
@@ -24,19 +24,21 @@ class Database
 		}
 	}
 
-	protected static function makeStatement(SqlStatement $stmt)
+	protected static function convertStatement(SqlStatement $stmt)
 	{
 		try
 		{
-			$pdoStatement = self::$pdo->prepare($stmt->getAsString());
+			$stmtText = $stmt->getAsString();
+			$stmtPdo = self::$pdo->prepare($stmtText);
 			foreach ($stmt->getBindings() as $key => $value)
-				$pdoStatement->bindValue(is_numeric($key) ? $key + 1 : ltrim($key, ':'), $value);
+				if (strpos($stmtText, $key) !== false)
+					$stmtPdo->bindValue($key, $value);
 		}
 		catch (Exception $e)
 		{
-			throw new Exception('Problem with ' . $stmt->getAsString() . ' (' . $e->getMessage() . ')');
+			throw new Exception('Problem with ' . $stmt->getAsString() . ' creation (' . $e->getMessage() . ')');
 		}
-		return $pdoStatement;
+		return $stmtPdo;
 	}
 
 	public static function disconnect()
@@ -53,29 +55,29 @@ class Database
 	{
 		if (!self::connected())
 			throw new Exception('Database is not connected');
-		$statement = self::makeStatement($stmt);
+		$stmtPdo = self::convertStatement($stmt);
 		try
 		{
-			$statement->execute();
+			$stmtPdo->execute();
 		}
 		catch (Exception $e)
 		{
-			throw new Exception('Problem with ' . $stmt->getAsString() . ' (' . $e->getMessage() . ')');
+			throw new Exception('Problem with ' . $stmt->getAsString() . ' execution (' . $e->getMessage() . ')');
 		}
 		self::$queries []= $stmt;
-		return $statement;
+		return $stmtPdo;
 	}
 
 	public static function fetchOne(SqlStatement $stmt)
 	{
-		$statement = self::exec($stmt);
-		return $statement->fetch();
+		$stmtPdo = self::exec($stmt);
+		return $stmtPdo->fetch();
 	}
 
 	public static function fetchAll(SqlStatement $stmt)
 	{
-		$statement = self::exec($stmt);
-		return $statement->fetchAll();
+		$stmtPdo = self::exec($stmt);
+		return $stmtPdo->fetchAll();
 	}
 
 	public static function getLogs()
diff --git a/src/Sql/SqlExpression.php b/src/Sql/SqlExpression.php
index 13d1f9e4..8f5b2adc 100644
--- a/src/Sql/SqlExpression.php
+++ b/src/Sql/SqlExpression.php
@@ -14,14 +14,9 @@ abstract class SqlExpression
 
 	public function getBindings()
 	{
-		$stack = array_merge([], $this->subExpressions);
 		$bindings = $this->bindings;
-		while (!empty($stack))
-		{
-			$item = array_pop($stack);
-			$stack = array_merge($stack, $item->subExpressions);
-			$bindings = array_merge($bindings, $item->bindings);
-		}
+		foreach ($this->subExpressions as $subExpression)
+			$bindings = array_merge($bindings, $subExpression->getBindings());
 		return $bindings;
 	}
 
@@ -29,8 +24,10 @@ abstract class SqlExpression
 	{
 		if ($object instanceof SqlBinding)
 		{
-			$this->bind($object->getName(), $object->getValue());
-			return new SqlStringExpression($object->getName());
+			$expr =  new SqlStringExpression($object->getName());
+			$expr->bind($object->getName(), $object->getValue());
+			$this->subExpressions []= $expr;
+			return $expr;
 		}
 		else if ($object instanceof SqlExpression)
 		{