I'm looking for a parsing engine (written in php) for SQL as understood by mysql. the engine should be able to deliver a structured tree output from the SQL so that, at least, the parameters and their values are individually identifiable.
I have googled quite a bit and found several hopefuls but none that actually fit the bill. Good starters are PEAR::SQL_Parser which is almost perfect but significantly buggy in that it does not handle brackets or HAVING clauses. another good looking starter was the sql parser within phpmyadmin but unfortunately the having clauses and where clauses are extracted whole rather than as individual tokens.
I can fix both of these issues (and will do so if no better solution appears) but i'd like to tap your knowledge fount for an alternative.
To give some colour to this issue: I am wanting to write a replacement to the db abstraction class within wordpress to make wordpress compatible with mdb2 and PDO supported databases. In the same breath I want to be able to rewrite incoming queries on the fly to use parameter placeholders and prepare->execute statements to improve the protection against sql injection attacks.
I have googled quite a bit and found several hopefuls but none that actually fit the bill. Good starters are PEAR::SQL_Parser which is almost perfect but significantly buggy in that it does not handle brackets or HAVING clauses. another good looking starter was the sql parser within phpmyadmin but unfortunately the having clauses and where clauses are extracted whole rather than as individual tokens.
I can fix both of these issues (and will do so if no better solution appears) but i'd like to tap your knowledge fount for an alternative.
To give some colour to this issue: I am wanting to write a replacement to the db abstraction class within wordpress to make wordpress compatible with mdb2 and PDO supported databases. In the same breath I want to be able to rewrite incoming queries on the fly to use parameter placeholders and prepare->execute statements to improve the protection against sql injection attacks.