
Don't embed into SQL strings with question marks

Fixes #175
rpm
J. King 5 years ago
parent
commit
3da884dfbc
  1. 4
      lib/Database.php
  2. 3
      tests/cases/Database/TestDatabase.php

4
lib/Database.php

@ -165,7 +165,7 @@ class Database {
// nulls are pointless to have
continue;
} elseif (is_string($v)) {
if (strlen($v) > self::LIMIT_SET_STRING_LENGTH) {
if (strlen($v) > self::LIMIT_SET_STRING_LENGTH || strpos($v, "?") !== false) {
$clause[] = "?";
$params[] = $v;
} else {
@ -205,7 +205,7 @@ class Database {
assert(sizeof($cols) > 0, new Exception("arrayEmpty", "cols"));
$embedSet = sizeof($terms) > ((int) (self::LIMIT_SET_SIZE / sizeof($cols)));
foreach ($terms as $term) {
$embedTerm = ($embedSet && strlen($term) <= self::LIMIT_SET_STRING_LENGTH);
$embedTerm = ($embedSet && strlen($term) <= self::LIMIT_SET_STRING_LENGTH && strpos($term, "?") === false);
$term = str_replace(["%", "_", "^"], ["^%", "^_", "^^"], $term);
$term = "%$term%";
$term = $embedTerm ? $this->db->literalString($term) : $term;
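Review bot: The new `strpos($v, "?") !== false` guard on line 24 and its mirrored `strpos($term, "?") === false` on line 33 state the same embed rule twice with opposite polarity, so the two sites can silently drift apart the next time the rule changes; a single predicate such as `protected static function embeddable(string $v): bool { return strlen($v) <= self::LIMIT_SET_STRING_LENGTH && strpos($v, "?") === false; }` called from both places would keep them in step. Neither site says why the character matters, and the reason is not obvious from the code: a comment like `// a literal containing "?" could be read as a placeholder by the driver's parameter parser; bind it instead of embedding it` at each site would save the next reader a trip to issue #175. If the underlying driver also recognises named placeholders (`:name`), the same concern would presumably apply to those; I cannot tell from this hunk whether that form is in use, so it is worth confirming. Both enclosing methods start before and continue past their hunks.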

3
tests/cases/Database/TestDatabase.php

@ -52,6 +52,7 @@ class TestDatabase extends \JKingWeb\Arsse\Test\AbstractTest {
["$stringList", [], array_merge($strings, [null]), "str"],
["$stringList,?", [$longString], array_merge($strings, [$longString]), "str"],
["$stringList,'A''s'", [], array_merge($strings, ["A's"]), "str"],
["$stringList,?", ["???"], array_merge($strings, ["???"]), "str"],
["$params", $ints, $ints, "bool"],
];
}
@ -74,6 +75,8 @@ class TestDatabase extends \JKingWeb\Arsse\Test\AbstractTest {
["(".implode(" or ", $clause).")", [], $terms, ["test"], true],
["(".implode(" and ", $clause).")", [], $terms, ["test"], false],
["(".implode(" or ", $clause)." or test like ? escape '^')", ["%$longString%"], array_merge($terms, [$longString]), ["test"], true],
["(".implode(" or ", $clause)." or test like ? escape '^')", ["%Eh?%"], array_merge($terms, ["Eh?"]), ["test"], true],
["(".implode(" or ", $clause)." or test like ? escape '^')", ["%?%"], array_merge($terms, ["?"]), ["test"], true],
];
}
}
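Review bot: The new provider rows on lines 45, 53 and 54 only exercise strings whose sole special character is "?", so they do not show that the bind path wins over the quoted-literal path when both conditions apply; a row mixing a quote and a question mark, e.g. `["$stringList,?", ["A's?"], array_merge($strings, ["A's?"]), "str"]`, would pin that ordering. The existing `'A''s'` row on line 44 covers the quoting path on its own, so the combined case is the only gap I see. The data-provider methods begin outside the hunks.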
