Bug: Problem in "/system/Database/Query.php" function "compileBinds()"

[pbquet]

Describe the bug
Problem in "/system/Database/Query.php" -> function "compileBinds()" when a sql query has ":=" anywhere in "finalQueryString" and value to bind with "$hasNamedBinds".

a simplified example :

$this->builder->select('email');
$this->builder->select('@total:=(total+1)', false);

AND any bind value in where

$this->builder->where('id_base', 10);
$query = $this->builder->get();

In "compileBinds()", "$hasNamedBinds" becomes false because of ":=", so no "matchNamedBinds" and the resulting query is :

SELECT email, @total:=(total+1) WHERE `id_base` = :id_base:

instead of

SELECT email, @total:=(total+1) WHERE `id_base` = 10;

Of course I could directly use a complete sql string in

$query = $this->db->query('....');

but for my real complete query is complex, depending on many condition, and builder query is very useful in my case.

Why

strpos($sql, ':=') === false

is used in line "/system/Database/Query.php:371" ?

Or is there a another way not deleting this condition for $hasNamedBinds, and still use builder query ?

Thanks

CodeIgniter 4 version
4.0.4

Affected module(s)
/system/Database/Query.php function compileBinds()

Context

• Windows 10
• PHP version 7.3.15

[IrishTLR]

I have a similar issue but on the left side of line 371. a simple query of "Select concat(date_format(MyTime,'%H:%i'), ' - ', concat(firstName,' ',lastName)) from table" triggers the "strpos($sql, ':') !== false" part of the assignment.

Maybe as an alternative, only search for binds after the where clause by using the optional offset parameter of strpos but using stripos for the where part as it's case insensitive?

$hasNamedBinds = strpos($sql, ':',stripos($sql, 'where')) !== false && strpos($sql, ':=',stripos($sql, 'where')) === false;