Merge pull request #5117 from kenjis/fix-5114

Fix query binding with two colons in query

Author: paulbalandan

system/Database/Query.php

@@ -269,17 +269,19 @@ public function getOriginalQuery(): string
     /**
      * Escapes and inserts any binds into the finalQueryString object.
      *
-     * @see https://regex101.com/r/EUEhay/4
+     * @see https://regex101.com/r/EUEhay/5
      */
     protected function compileBinds()
     {
         $sql = $this->finalQueryString;
 
-        $hasNamedBinds = preg_match('/:((?!=).+):/', $sql) === 1;
+        $hasBinds      = strpos($sql, $this->bindMarker) !== false;
+        $hasNamedBinds = ! $hasBinds
+            && preg_match('/:(?!=).+:/', $sql) === 1;
 
         if (empty($this->binds)
             || empty($this->bindMarker)
-            || (! $hasNamedBinds && strpos($sql, $this->bindMarker) === false)
+            || (! $hasNamedBinds && ! $hasBinds)
         ) {
             return;
         }

tests/system/Database/BaseQueryTest.php

@@ -238,6 +238,23 @@ public function testBindingAutoEscapesParameters()
         $this->assertSame($expected, $query->getQuery());
     }
 
+    /**
+     * @see https://github.com/codeigniter4/CodeIgniter4/issues/5114
+     */
+    public function testBindingWithTwoColons()
+    {
+        $query = new Query($this->db);
+
+        $query->setQuery(
+            "SELECT mytable.id, DATE_FORMAT(mytable.created_at,'%d/%m/%Y %H:%i:%s') AS created_at_uk FROM mytable WHERE mytable.id = ?",
+            [1]
+        );
+
+        $expected = "SELECT mytable.id, DATE_FORMAT(mytable.created_at,'%d/%m/%Y %H:%i:%s') AS created_at_uk FROM mytable WHERE mytable.id = 1";
+
+        $this->assertSame($expected, $query->getQuery());
+    }
+
     public function testNamedBinds()
     {
         $query = new Query($this->db);