Skip to content

Fix: REPLACE() string function misidentified as write query #314

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
swissspidy merged 1 commit into from
Mar 8, 2026
Merged

Fix: REPLACE() string function misidentified as write query #314

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion src/DB_Command.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -538,7 +538,7 @@ public function query( $args, $assoc_args ) {
$assoc_args['execute'] = $this->get_sql_mode_query( $assoc_args ) . $assoc_args['execute'];
}

$is_row_modifying_query = isset( $assoc_args['execute'] ) && preg_match( '/\b(UPDATE|DELETE|INSERT|REPLACE|LOAD DATA)\b/i', $assoc_args['execute'] );
$is_row_modifying_query = isset( $assoc_args['execute'] ) && preg_match( '/\b(UPDATE|DELETE|INSERT|REPLACE(?!\s*\()|LOAD DATA)\b/i', $assoc_args['execute'] );
Copy link

@gemini-code-assist gemini-code-assist bot Mar 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

This is a good fix for the common case. However, this regex can still misidentify a query if there is a SQL comment between REPLACE and the opening parenthesis.

For example, a query like SELECT * FROM my_table WHERE col = REPLACE/* a comment */('a', 'b'); would be incorrectly flagged as a write query.

The negative lookahead (?!\s*\() doesn't account for comments. As a result, REPLACE is matched, and the bug's symptom (swallowing SELECT output) would persist for this edge case.

Handling all SQL comment styles (--, #, /* ... */) could make the regex very complex. It's a trade-off between correctness for all edge cases and regex simplicity. Given the context, you might decide the current level of fix is sufficient, but I wanted to point out this remaining scenario.


if ( $is_row_modifying_query ) {
$assoc_args['execute'] .= '; SELECT ROW_COUNT();';
Expand Down
Loading