Solved

I don't think this is a correct way of commenting out some SQL in PHP. Agree or disagree...?

Posted on 2016-09-16
Last Modified: 2016-09-16
I'm working on some code that has potentially several things amiss, but this is something I found and I want some other eyes on it. I don't know if this is a dealbreaker, but tell me what you think:

Here's the function as it looks currently...

function checkStatementWorthy($accountid){
    $sql = "select Account.* from Account (nolock)
    JOIN Practice (nolock) on Practice.Practiceid = Account.PracticeID
    Join Client (nolock) on Client.Clientid = Practice.ClientID
    Where dbo.ufn_AccountCurrentBalance(Account.AccountID) > 0
    --and Client.ClientStatusCode not in ('HD', 'ST')
    and Account.Accountid = $accountid";
	echo $sql;
    return pconnectdb($sql);
  }


Notice the line that is prefaced with "--." Now, I understand that works fine in MSSQL Studio, but after testing it with some other scenarios, it doesn't resonate in PHP as a "comment." Rather, it produces an error.

If I'm correct, I may very well be regarded as a hero in the workplace for figuring this puppy out.

Let me know if I need to get my cape...
0
Question by:brucegust
4 Comments
 
LVL 31

Assisted Solution

by:Marco Gasi
Marco Gasi earned 500 total points
ID: 41801850
Lol. In PHP you can comment a line by preceding it with a double slash, so it is not so different.
I suspect you are not using an IDE or a good editor with syntax highlighting, because if you did you would see immediately if a line is comment or code.
I personally like and use Netbeans IDE.
[Image: comments in Netbeans IDE]
In my color scheme comments are in grey and you can recognize them immediately and easily.
0
 
LVL 44

Accepted Solution

by:
zephyr_hex (Megan) earned 1000 total points
ID: 41801859
In PHP-land, the query is just a string.  The "comment out" does not comment anything out in PHP-land in this case because PHP is not evaluating the string.  It's just assigning it to a variable.  PHP passes the string to SQL, and SQL will see "--" as a comment.  However... I'd be careful with this approach because it's not abundantly clear where the comment out terminates.   In fact, I believe SQL will ignore everything after the "--", including what looks like the next line in PHP.  The string doesn't contain carriage returns, if you look at it via var_dump:

[Image: sql]

Using "/*  stuff to comment out */ " would be a clearer approach.
And I don't see any errors being thrown in PHP in that string (there is an error with undefined function pconnectdb(), but I suspect that's because I'm only looking at a snippet).
0
 
LVL 84

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 500 total points
ID: 41801873
I would never send an SQL string with a 'comment' in PHP.  There is just no reason to do that.  You can always save that info elsewhere in a PHP comment if you need it.  

And you never know what the drivers are going to do with it.  The database drivers in PHP don't just pass on the string in a lot of cases.  They read it and may parse it to make it conform to whatever the communication requirements are.
0
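The concern raised in the two answers above, as an added example that is not code from the thread: whether the line break after the `--` line reaches the server decides how much of the query is commented out, and here that includes the `Account.Accountid` filter. `effectiveSql()` and `$collapse` are hypothetical names, the account id is a constructed value, and the comment stripping is a simplified model rather than SQL Server's parser.

```php
<?php
// Added example, not code from the thread. effectiveSql() is a hypothetical helper:
// a simplified model of comment removal (no nested /* */), not SQL Server's parser.
function effectiveSql(string $sql): string
{
    $out = '';
    $len = strlen($sql);
    for ($i = 0; $i < $len; ) {
        $two = substr($sql, $i, 2);
        if ($sql[$i] === "'") {            // string literal: copy verbatim
            $end = strpos($sql, "'", $i + 1);
            $end = ($end === false) ? $len - 1 : $end;
            $out .= substr($sql, $i, $end - $i + 1);
            $i = $end + 1;
        } elseif ($two === '--') {         // line comment: runs to the next line break
            $i += strcspn($sql, "\r\n", $i);
        } elseif ($two === '/*') {         // block comment: runs to its own closing */
            $end = strpos($sql, '*/', $i + 2);
            $i = ($end === false) ? $len : $end + 2;
            $out .= ' ';
        } else {
            $out .= $sql[$i++];
        }
    }
    return trim(preg_replace('/\s+/', ' ', $out)); // normalise whitespace for display
}

$accountid = 42; // constructed sample value
$lineComment = "select Account.* from Account (nolock)
    JOIN Practice (nolock) on Practice.Practiceid = Account.PracticeID
    Join Client (nolock) on Client.Clientid = Practice.ClientID
    Where dbo.ufn_AccountCurrentBalance(Account.AccountID) > 0
    --and Client.ClientStatusCode not in ('HD', 'ST')
    and Account.Accountid = $accountid";
$blockComment = str_replace(
    "--and Client.ClientStatusCode not in ('HD', 'ST')",
    "/* and Client.ClientStatusCode not in ('HD', 'ST') */",
    $lineComment
);
// Hypothetical layer between PHP and the server that collapses whitespace to one line
$collapse = fn(string $s): string => preg_replace('/\s+/', ' ', $s);

foreach (['--' => $lineComment, '/* */' => $blockComment] as $label => $sql) {
    echo "{$label} with line breaks kept:      ", effectiveSql($sql), PHP_EOL;
    echo "{$label} with line breaks collapsed: ", effectiveSql($collapse($sql)), PHP_EOL;
}
```

With the line breaks intact the `--` form drops only the `ClientStatusCode` condition; once they are collapsed it also drops `and Account.Accountid = 42`, so the statement is no longer scoped to one account. The `/* */` form produces the same statement in both cases.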
 

Author Comment

by:brucegust
ID: 41802005
See, here's the thing:

      $querystate = "select * from email_header
      where id>3
      order by header_name
      ";

That works.

This, however...

      $querystate = "select * from email_header
      where id>3
      --order by header_name
      ";

...doesn't even fire.

I think that what I'm looking at is a scenario where someone who's more in tune with T-SQL and MSSQL Studio was attempting to pop the hood on this page and made, what they thought was, an incremental edit, not knowing that it had the potential to be a dealbreaker.

Thanks!
0
