I don't think this is a correct way of commenting out some SQL in PHP. Agree or disagree...?

Posted on 2016-09-16
Last Modified: 2016-09-16
I'm working on some code that has potentially several things amiss, but this is something I found and I want some other eyes on it. I don't know if this is a dealbreaker, but tell me what you think:

Here's the function as it looks currently...

function checkStatementWorthy($accountid){
    $sql = "select Account.* from Account (nolock)
    JOIN Practice (nolock) on Practice.Practiceid = Account.PracticeID
    Join Client (nolock) on Client.Clientid = Practice.ClientID
    Where dbo.ufn_AccountCurrentBalance(Account.AccountID) > 0
    --and Client.ClientStatusCode not in ('HD', 'ST')
    and Account.Accountid = $accountid";
    echo $sql;
    return pconnectdb($sql);
}

Notice the line that is prefaced with "--." Now, I understand that works fine in MSSQL Studio, but after testing it with some other scenarios, it doesn't resonate in PHP as a "comment." Rather, it produces an error.

If I'm correct, I may very well be regarded as a hero in the workplace for figuring this puppy out.

Let me know if I need to get my cape...
Question by:brucegust
LVL 31

Assisted Solution

by:Marco Gasi
Marco Gasi earned 125 total points
ID: 41801850
Lol. In php you can comment a line by preceding it with a double slash so it is not so different.
I suspect you are not using an IDE or a good editor with syntax highlighting because if you did you would see immediately if a line is comment or code.
I personally like and use Netbeans IDE.
In my color scheme comments are in grey and you can recognize them immediately and easily.
LVL 43

Accepted Solution

zephyr_hex (Megan) earned 250 total points
ID: 41801859
In PHP-land, the query is just a string.  The "comment out" does not comment anything out in PHP-land in this case because PHP is not evaluating the string.  It's just assigning it to a variable.  PHP passes the string to SQL, and SQL will see "--" as a comment.  However... I'd be careful with this approach because it's not abundantly clear where the comment out terminates.   In fact, I believe SQL will ignore everything after the "--", including what looks like the next line in PHP.  The string doesn't contain carriage returns, if you look at it via var_dump:


 Using "/*  stuff to comment out */ " would be a clearer approach.
And I don't see any errors being thrown in PHP in that string (there is an error with undefined function pconnectdb(), but I suspect that's because I'm only looking at a snippet)
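An added example (not part of the answers or of the asker's code base) modelling why the end of a "--" comment matters here: the comment runs to the end of the line, so whether the account filter survives depends on the line breaks reaching the server, while a /* */ comment has an explicit end. The query is constructed after the one in the question with the joins trimmed, `:accountid` is a placeholder standing in for the interpolated variable, and `effectiveSql()` and `collapseWhitespace()` are hypothetical helpers, the latter standing in for any wrapper, logger or driver layer that flattens whitespace.

```php
<?php
// Constructed queries modelled on the one in the question.
$lineComment = "select Account.* from Account
    where dbo.ufn_AccountCurrentBalance(Account.AccountID) > 0
    --and Client.ClientStatusCode not in ('HD', 'ST')
    and Account.Accountid = :accountid";

$blockComment = "select Account.* from Account
    where dbo.ufn_AccountCurrentBalance(Account.AccountID) > 0
    /* and Client.ClientStatusCode not in ('HD', 'ST') */
    and Account.Accountid = :accountid";

// Simplified model of what the server executes: drop /* ... */ blocks and
// everything from "--" to the end of the line. String literals that contain
// "--" or "/*" are not handled; this is for illustration only.
function effectiveSql(string $sql): string
{
    $sql = preg_replace('~/\*.*?\*/~s', ' ', $sql);
    $sql = preg_replace('~--[^\r\n]*~', ' ', $sql);
    return trim(preg_replace('~\s+~', ' ', $sql));
}

// Hypothetical stand-in for any layer that flattens line breaks before
// the statement is sent.
function collapseWhitespace(string $sql): string
{
    return preg_replace('~\s+~', ' ', $sql);
}

// True when the per-account predicate is still part of the statement.
function keepsAccountFilter(string $sql): bool
{
    return strpos(effectiveSql($sql), 'Accountid = :accountid') !== false;
}

$cases = ['line comment' => $lineComment, 'block comment' => $blockComment];
foreach ($cases as $label => $sql) {
    $flat = collapseWhitespace($sql);
    printf("%s\n", $label);
    printf("  line breaks kept:      %s\n", effectiveSql($sql));
    printf("  line breaks collapsed: %s\n", effectiveSql($flat));
    printf("  account filter kept (line breaks kept / collapsed): %s / %s\n",
        keepsAccountFilter($sql) ? 'yes' : 'NO',
        keepsAccountFilter($flat) ? 'yes' : 'NO');
}
```

When the filter is lost the statement is still valid SQL, so it fails silently by selecting every account with a positive balance instead of the one requested.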
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 125 total points
ID: 41801873
I would never send an SQL string with a 'comment' in PHP.  There is just no reason to do that.  You can always save that info elsewhere in a PHP comment if you need it.  

And you never know what the drivers are going to do with it.  The database drivers in PHP don't just pass on the string in a lot of cases.  They read it and may parse it to make it conform to whatever the communication requirements are.

Author Comment

ID: 41802005
See, here's the thing:

      $querystate = "select * from email_header
      where id>3
      order by header_name";

That works.

This, however...

      $querystate = "select * from email_header
      where id>3
      --order by header_name";

...doesn't even fire.

I think that what I'm looking at is a scenario where someone who's more in tune with T-SQL and MSSQL Studio was attempting to pop the hood on this page and made, what they thought was, an incremental edit, not knowing that it had the potential to be a dealbreaker.

