This repository has been archived by the owner on Jul 17, 2020. It is now read-only.

Wrong example code #2

Open
bolner opened this issue Apr 4, 2020 · 0 comments


bolner commented Apr 4, 2020

Hello,
on the following line:

https://github.com/MonetDB/monetdb-php/blob/92435e835410c2ae088830c31583e4f3b5519188/examples/query.php#L25

the code escapes the whole query, which doesn't make sense and would ruin the query if it contained any special characters, like double quotes for identifiers or single quotes for strings.

The escaping is intended to be used for values (string, numeric, etc.) which are inserted into the code. For example:

// Escape only the value that will be placed inside the single-quoted literal.
$value = monetdb_escape_string("This is a 'sentence'.");

// The statement itself is passed through unescaped.
$res = monetdb_query($db, "
    select
        *
    from
        myTable
    where
        myValue like '%{$value}%'
    limit
        10
") or trigger_error(monetdb_last_error());

The other example is also interesting:

https://github.com/MonetDB/monetdb-php/blob/92435e835410c2ae088830c31583e4f3b5519188/examples/simple_query.php#L27

The code there escapes a whole query, received from a POST. If code executes posted queries, then it is probably a client program through which the users can execute queries. If you escape those, they only get ruined. Just execute the following query with escaped single quotes on the console:

sql>select * from sys.tables where name = \'\';
more>

As you can see, the quote became open. Syntax error. Escaping is only for values inserted into single quotes in a query, not for whole queries.
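The point made in this issue, as an added example that is not part of the issue or of monetdb-php: the escape rule below is an assumption modelled on the backslash-escaped quotes in the console session above, and `string_literals` is a small scanner that reports whether every single-quoted literal in a statement is closed. Escaping the statement itself leaves a literal open (the `more>` prompt); escaping only the value keeps exactly one literal, whatever the value contains.

```python
# Constructed example: value escaping versus whole-statement escaping.
# escape_value() mimics backslash escaping of quotes (an assumption, not the
# library's own monetdb_escape_string implementation).

def escape_value(s: str) -> str:
    """Backslash-escape the characters that could end a single-quoted literal."""
    return s.replace("\\", "\\\\").replace("'", "\\'")


def string_literals(sql: str):
    """Return the decoded contents of every single-quoted literal in sql,
    or None if a literal is left open (what the console shows as 'more>').
    A backslash inside a literal escapes the following character."""
    literals, current, in_string = [], [], False
    i = 0
    while i < len(sql):
        c = sql[i]
        if in_string:
            if c == "\\" and i + 1 < len(sql):
                current.append(sql[i + 1])   # escaped char, not a terminator
                i += 1
            elif c == "'":
                literals.append("".join(current))
                current, in_string = [], False
            else:
                current.append(c)
        elif c == "'":
            in_string = True
        i += 1
    return None if in_string else literals


def build_query_escaping_value(value: str) -> str:
    """Correct usage: only the value inside the quotes is escaped."""
    return f"select * from sys.tables where name = '{escape_value(value)}'"


def build_query_escaping_whole(query: str) -> str:
    """The anti-pattern from the examples: the whole statement is escaped."""
    return escape_value(query)


# Constructed statement, the same one typed into the console above.
CONSTRUCTED_QUERY = "select * from sys.tables where name = '';"

if __name__ == "__main__":
    print(build_query_escaping_whole(CONSTRUCTED_QUERY))
    print(string_literals(build_query_escaping_whole(CONSTRUCTED_QUERY)))  # None: open literal
    print(string_literals(build_query_escaping_value("it's")))              # ["it's"]
```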
