From f96946acfac6e21f1b6654e5fc26520da13026ff Mon Sep 17 00:00:00 2001
From: Chris Huber <chubes@extrachill.com>
Date: Sat, 7 Mar 2026 15:54:29 +0000
Subject: [PATCH] Fix REPLACE() string function being misidentified as write
 query

Use negative lookahead REPLACE(?!\s*\() instead of bare REPLACE to
distinguish the MySQL REPLACE() string function from the REPLACE INTO
(or bare REPLACE) DML write statement.

This avoids a false positive where SELECT queries containing REPLACE()
are routed through the write-query code path, causing their results
to be silently swallowed.

Fixes wp-cli/db-command#313
---
 src/DB_Command.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/DB_Command.php b/src/DB_Command.php
index 7409935c..245a10cd 100644
--- a/src/DB_Command.php
+++ b/src/DB_Command.php
@@ -538,7 +538,7 @@ public function query( $args, $assoc_args ) {
 			$assoc_args['execute'] = $this->get_sql_mode_query( $assoc_args ) . $assoc_args['execute'];
 		}
 
-		$is_row_modifying_query = isset( $assoc_args['execute'] ) && preg_match( '/\b(UPDATE|DELETE|INSERT|REPLACE|LOAD DATA)\b/i', $assoc_args['execute'] );
+		$is_row_modifying_query = isset( $assoc_args['execute'] ) && preg_match( '/\b(UPDATE|DELETE|INSERT|REPLACE(?!\s*\()|LOAD DATA)\b/i', $assoc_args['execute'] );
 
 		if ( $is_row_modifying_query ) {
 			$assoc_args['execute'] .= '; SELECT ROW_COUNT();';