From fd43dfb08404ac638489b763d89e42e0244615eb Mon Sep 17 00:00:00 2001
From: Tadhg Boyle <tadhgsmboyle@gmail.com>
Date: Mon, 31 Oct 2022 09:26:03 -0400
Subject: [PATCH] Fix random instances of SQL queries having params repeated
 (#505)

* Fix random instances of SQL queries having params repeated

* Add test
---
 .../DataCollector/PDO/TracedStatement.php     |  6 +++++-
 tests/DebugBar/Tests/TracedStatementTest.php  | 21 +++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/src/DebugBar/DataCollector/PDO/TracedStatement.php b/src/DebugBar/DataCollector/PDO/TracedStatement.php
index c4eef46..7f11fde 100644
--- a/src/DebugBar/DataCollector/PDO/TracedStatement.php
+++ b/src/DebugBar/DataCollector/PDO/TracedStatement.php
@@ -123,7 +123,11 @@ class TracedStatement
             }
 
             $matchRule = "/({$marker}(?!\w))(?=(?:[^$quotationChar]|[$quotationChar][^$quotationChar]*[$quotationChar])*$)/";
-            for ($i = 0; $i <= mb_substr_count($sql, $k); $i++) {
+            $count = mb_substr_count($sql, $k);
+            if ($count < 1) {
+                $count = mb_substr_count($sql, $matchRule);
+            }
+            for ($i = 0; $i <= $count; $i++) {
                 $sql = preg_replace($matchRule, $v, $sql, 1);
             }
         }
diff --git a/tests/DebugBar/Tests/TracedStatementTest.php b/tests/DebugBar/Tests/TracedStatementTest.php
index a4da7ef..89b3b42 100644
--- a/tests/DebugBar/Tests/TracedStatementTest.php
+++ b/tests/DebugBar/Tests/TracedStatementTest.php
@@ -150,4 +150,25 @@ class TracedStatementTest extends DebugBarTestCase
         $result = $traced->getSqlWithParams();
         $this->assertEquals($expected, $result);
     }
+
+    /**
+     * Check that query parameters are being replaced only once
+     * @bugFix Before fix it: select * from
+     *                          `my_table` where `my_field` between
+     *                           <2018-01-01> and <2018-01-01>
+     * @return void
+     */
+    public function testParametersAreNotRepeated()
+    {
+        $query = 'select * from `my_table` where `my_field` between ? and ?';
+        $bindings = [
+            '2018-01-01',
+            '2020-09-01',
+        ];
+
+        $this->assertEquals(
+            'select * from `my_table` where `my_field` between <2018-01-01> and <2020-09-01>',
+            (new TracedStatement($query, $bindings))->getSqlWithParams()
+        );
+    }
 }