I don't this this is a correct way of commenting out some SQL in PHP. Agree or disagree...?

I'm working on some code that has potentially several things amiss, but this is something I found and I want some other eyes on it. I don't know if this is a dealbreaker, but tell me what you think:

Here's the function as it looks currently...

function checkStatementWorthy($accountid){
    $sql = "select Account.* from Account (nolock)
    JOIN Practice (nolock) on Practice.Practiceid = Account.PracticeID
    Join Client (nolock) on Client.Clientid = Practice.ClientID
    Where dbo.ufn_AccountCurrentBalance(Account.AccountID) > 0
    --and Client.ClientStatusCode not in ('HD', 'ST')
    and Account.Accountid = $accountid";
	echo $sql;
    return pconnectdb($sql);

Open in new window

Notice the line that is prefaced with "--." Now, I understand that works fine in MSSQL Studio, but after testing it with some other scenarios, it doesn't resonate in PHP as a "comment." Rather, it produces an error.

If I'm correct, I may very well be regarded as a hero in the workplace for figuring this puppy out.

Let me know if I need to get my cape...
brucegustPHP DeveloperAsked:
Who is Participating?
zephyr_hex (Megan)Connect With a Mentor DeveloperCommented:
In PHP-land, the query is just a string.  The "comment out" does not comment anything out in PHP-land in this case because PHP is not evaluating the string.  It's just assigning it to a variable.  PHP passes the string to SQL, and SQL will see "--" as a comment.  However... I'd be careful with this approach because it's not abundantly clear where the comment out terminates.   In fact, I believe SQL will ignore everything after the "--", including what looks like the next line in PHP.  The string doesn't contain carriage returns, if you look at in via var_dump:


 Using "/*  stuff to comment out */ " would be a clearer approach.
And I don't see any errors being thrown in PHP in that string (there is an error with undefined function pconnectdb(), but I suspect that's because I'm only looking at a snippet)
Marco GasiConnect With a Mentor FreelancerCommented:
Lol. In php you cn comment a line by preceeding it with a double slash so it is not so different.
I suspect you are not using an IDE or a good editor with syntax highlighting because if you did you would see immediately if a line is comment or code
I personally like and use Netbeans IDE
comments in Netbeans IDEIn my color scheme comments are in grey and you can recognize them immediately and easily.
Dave BaldwinConnect With a Mentor Fixer of ProblemsCommented:
I would never send an SQL string with a 'comment' in PHP.  There is just no reason to do that.  You can always save that info elsewhere in a PHP comment if you need it.  

And you never know what the drivers are going to do with it.  The database drivers in PHP don't just pass on the string in a lot of cases.  They read it and may parse it to make it conform to whatever the communication requirements are.
brucegustPHP DeveloperAuthor Commented:
See, here's the thing:

      $querystate = "select * from email_header
      where id>3
      order by header_name

That works.

This, however...

      $querystate = "select * from email_header
      where id>3
      --order by header_name

...doesn't even fire.

I think that what I'm looking is a scenario where someone who's more in tune with T-SQL and MSSQL Studio was attempting to pop the hood on this page and made, what they thought was, an incremental edit, not knowing that it had the potential to be a dealbreaker.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.