Fix SQL binding with $ not presented correctly in full query

[Krisell]

Background

In QueryCollector, preg_replace is used with a SQL parameter binding as the replacement variable, where dollar characters followed by an integer from 0–99 are interpreted as references to captures, and not displayed literally.

The issue

This causes the displayed query in Debugbar to be incorrect, even though the bindings are correct. See the image below for an example, where the bindings for firstName and lastName are presented incorrectly when displaying the full query.

The test included in this PR fails prior to the PR:

I noticed the problem while working with re-hashing passwords, since the bcrypt hash format is $2y$ROUNDS$SALT_HASH. I'm guessing this issue hasn't been noticed before since it is not very common in other cases to store $n values, for instance money is usually stored with the currency separately.

Solution

Add addcslashes($binding, '$') to escape any dollar signs and present these literally.