Bug: [QueryBuilder] unable to use regular expression inside a query using module class

[sandrocantagallo]

Describe the bug
If you use a regular expression inside a query C4 add ` and space unwanted.

CodeIgniter 4 version
^4

Affected module(s)
CodeIgniter\Model

Expected behavior, and steps to reproduce if appropriate
If you write a query like this:

 $result =   $this->select('REGEXP_SUBSTR(ral_anno,"[0-9]{1,2}([,.][0-9]{1,3})([,.][0-9]{1,3})") AS ral')
                    ->where("period", trim($period)."-01-01")
                    ->where("livello", trim($livello))
                    ->orderBy("ral", "DESC")
                    ->limit(1)
                    ->find();

the final result is:

SELECT REGEXP_SUBSTR(ral_anno, "[0-9]{1, 2}([, .`][0-9]{1`, 3})([, .`][0-9]{1`, 3})") AS ral
FROM `ob_human_resources`
WHERE `period` = '2018-01-01'
AND `livello` = 'V'
ORDER BY `ral` DESC

The problem is in regular expression:

[0-9]{1, 2}([, .][0-9]{1, 3})([, .][0-9]{1, 3}) -> this is not original one i write.

` and space are added

Following documentation i also try to add second parameter to select

 $result =   $this->select('REGEXP_SUBSTR(ral_anno,"[0-9]{1,2}([,.][0-9]{1,3})([,.][0-9]{1,3})") AS ral', false)
                    ->where("period", trim($period)."-01-01")
                    ->where("livello", trim($livello))
                    ->orderBy("ral", "DESC")
                    ->limit(1)
                    ->find();

the result is no ` and it's ok but space are also added:

SELECT REGEXP_SUBSTR(ral_anno, "[0-9]{1, 2}([, .][0-9]{1, 3})([, .][0-9]{1, 3})") AS ral
FROM `ob_human_resources`
WHERE `period` = '2018-01-01'
AND `livello` = 'V'
ORDER BY `ral` DESC

Context

• OS: Windows 10
• Web server Apache2
• PHP version 7.3

[sandrocantagallo]

The only way is the use of Regular Query as describe in documentation.

$result = $this->query("SELECT REGEXP_SUBSTR(ral_anno,\"[0-9]{1,2}([,.][0-9]{1,3})([,.][0-9]{1,3})\") AS ral, ral_anno FROM `ob_human_resources` WHERE period = '".$period."-01-01' AND livello LIKE '%".trim($livello)."%' ORDER BY ral DESC")->getResult();

Only in this way query work fine.

[paulbalandan]

Yes. A regular query call is your workaround for this. The issue arises when using a SELECT string with commas in it. CI4 will just blindly explode the string at the commas.

[iRedds]

At the moment, the problem has not yet been resolved.
I have two solutions.

1. Add the selectRaw(string $query) method, which will add a string without parsing or modifying it.
2. Use a wrapper class. Description here https://forum.codeigniter.com/thread-80720.html

[kenjis]

I think we need to make it clear what the second parameter $escape = falsemeans.

If I design it from the scratch, $escape = false means do nothing to the first parameter.
The current implementation modifies the first parameter even when $escape = false.
Why and what should it do?

$builder->select() accepts an optional second parameter. If you set it to false, CodeIgniter will not try to protect your field or table names. This is useful if you need a compound select statement where automatic escaping of fields may break them.
https://codeigniter4.github.io/CodeIgniter4/database/query_builder.html#select

[kenjis]

CI 3.1-stable:

$sql = $this->db->select('REGEXP_SUBSTR(ral_anno,"[0-9]{1,2}([,.][0-9]{1,3})([,.][0-9]{1,3})") AS ral', false)
            ->get_compiled_select('ob_human_resources');

SELECT REGEXP_SUBSTR(ral_anno, "[0-9]{1, 2}([, .][0-9]{1, 3})([, .][0-9]{1, 3})") AS ral
FROM "ob_human_resources"

[kenjis]

It seems that the parameter $escape of select() means whether to quote identifier (table name/column name) or not.

So if $escape is false, QB still have to handle DBPrefix and swapPre.

[kenjis]

I created a PR #5817
Your opinion is welcome.

[kenjis]

Fixed by #5817
https://codeigniter4.github.io/CodeIgniter4/database/query_builder.html#query-builder-select-rawsql