Open bolner opened 4 years ago
Hello,
Thanks for the reports. For a number of reasons it will take some time to go through them. If you prepare patches we will try to review them in a timely manner.
As a side note, this repository is a mirror; that is, we do not use it for development. The source is maintained at https://dev.monetdb.org/hg/monetdb-php/
@kutsurak Hi, thanks for the response. I've created another client library in the meantime: https://github.com/bolner/MonetDB-PHP-Deux
best, Tamas
Hey @bolner,
This is great. From a (very) brief look, and from the perspective of someone who doesn't know a lot of php, this looks good! Thank you very much for your effort.
best regards, Panos.
Hello,
there are some bugs in the mapi_quote function, which is responsible for escaping. Practically that function does nothing currently. https://github.com/MonetDB/monetdb-php/blob/92435e835410c2ae088830c31583e4f3b5519188/lib/php_mapi.inc#L796
Nearly all single quotes need to be replaced by double quotes. Just execute this in a console to see:
Then check the same with double quotes:
Etc. As you can see the single quote disables most of the escaping, except some, like '\'' and '\\'. So the code compares 2-character strings to single characters.
Also, some characters are missing. For example the % wildcard character or the '\r' carriage return character.
A proper implementation would have at least 3 requirements:
But the best would be to use query parameters (or prepared statements) and pass the parameters independently, outside of the query.
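
The quoting behaviour described in this report, as an added example that is not part of the original post or of monetdb-php: the same lookup table written once with single-quoted keys and once with double-quoted keys, applied to one input. The function name, the table contents and the sample input are constructed for illustration, and the table is not a complete escaping routine.

```php
<?php
// Constructed illustration; escape_with() and both tables are hypothetical
// and are not code from monetdb-php.

// Replace every byte of $s that appears as a key in $map.
function escape_with(array $map, string $s): string {
    $out = '';
    for ($i = 0, $n = strlen($s); $i < $n; $i++) {
        $ch = $s[$i];                        // always exactly one byte
        $out .= array_key_exists($ch, $map) ? $map[$ch] : $ch;
    }
    return $out;
}

// Keys in single quotes: PHP only interprets \' and \\ there, so '\n', '\t'
// and '\r' are two-byte keys (backslash + letter) that no single byte equals.
$single = ['\n' => '\\n', '\t' => '\\t', '\r' => '\\r', '\'' => '\\\'', '\\' => '\\\\'];

// Same table with the control-character keys in double quotes: one byte each.
$double = ["\n" => '\\n', "\t" => '\\t', "\r" => '\\r', "'" => '\\\'', "\\" => '\\\\'];

// Constructed sample input: quote, backslash, newline, tab, carriage return.
$input = "a'b\\c\nd\te\rf";

foreach (['single' => $single, 'double' => $double] as $label => $map) {
    $out  = escape_with($map, $input);
    $lens = implode(',', array_map('strlen', array_keys($map)));
    // Count control bytes that passed through unescaped.
    $raw  = preg_match_all('/[\n\t\r]/', $out);
    printf("%s-quoted keys: key lengths %s, raw control bytes left %d\n",
           $label, $lens, $raw);
}
```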