Issue #1 : If query passed to PMA_SQP_parse() contains this '//' (without quotes) then all the alpha_* type tokens such as "alpha_identifier","alpha_reservedWord" etc. are detected as "alpha" causing incorrect parsing. '//' can appear as delimiter in queries. For e.g.
<?php echo "With //"; $query = 'CREATE TABLE x //'; var_dump(PMA_SQP_parse($query)); echo "Without //"; $query = 'CREATE TABLE x '; var_dump(PMA_SQP_parse($query)); ?>
Will generate this output : http://pastebin.com/RSQzKfNC
Issue #2 : PMA_SQP_parse() replaces all line endings in query passed to unix style (\n) and then parse without changing the actual query passed. It causes problem if query contains \r\n style line endings because the pos now gives wrong values (by 1 position) wrt to actual query. The error in pos gets accumulated with each such line ending. If someone wants to manipulate such query based on the pos values given by PMA_SQP_parse() it results in undesired behaviour because actual query and query parsed by it are different in terms of line endings and thus pos values are not applicable to actual query.