Solved

I don't think this is a correct way of commenting out some SQL in PHP. Agree or disagree...?

Posted on 2016-09-16
Last Modified: 2016-09-16
I'm working on some code that has potentially several things amiss, but this is something I found and I want some other eyes on it. I don't know if this is a dealbreaker, but tell me what you think:

Here's the function as it looks currently...

function checkStatementWorthy($accountid){
    $sql = "select Account.* from Account (nolock)
    JOIN Practice (nolock) on Practice.Practiceid = Account.PracticeID
    Join Client (nolock) on Client.Clientid = Practice.ClientID
    Where dbo.ufn_AccountCurrentBalance(Account.AccountID) > 0
    --and Client.ClientStatusCode not in ('HD', 'ST')
    and Account.Accountid = $accountid";
    echo $sql;
    return pconnectdb($sql);
}


Notice the line that is prefaced with "--." Now, I understand that works fine in MSSQL Studio, but after testing it with some other scenarios, it doesn't resonate in PHP as a "comment." Rather, it produces an error.

If I'm correct, I may very well be regarded as a hero in the workplace for figuring this puppy out.

Let me know if I need to get my cape...
Question by:brucegust
4 Comments
 
LVL 30

Assisted Solution

by:Marco Gasi
Marco Gasi earned 125 total points
ID: 41801850
Lol. In PHP you can comment a line by preceding it with a double slash, so it is not so different.
I suspect you are not using an IDE or a good editor with syntax highlighting, because if you did you would see immediately if a line is a comment or code.
I personally like and use Netbeans IDE.
[Image: comments in Netbeans IDE]
In my color scheme comments are in grey and you can recognize them immediately and easily.
LVL 42

Accepted Solution

by:zephyr_hex
zephyr_hex earned 250 total points
ID: 41801859
In PHP-land, the query is just a string. The "comment out" does not comment anything out in PHP-land in this case because PHP is not evaluating the string. It's just assigning it to a variable. PHP passes the string to SQL, and SQL will see "--" as a comment. However... I'd be careful with this approach because it's not abundantly clear where the comment out terminates. In fact, I believe SQL will ignore everything after the "--", including what looks like the next line in PHP. The string doesn't contain carriage returns, if you look at it via var_dump:

[Image: sql]

Using "/*  stuff to comment out */ " would be a clearer approach.
And I don't see any errors being thrown in PHP in that string (there is an error with undefined function pconnectdb(), but I suspect that's because I'm only looking at a snippet).
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 125 total points
ID: 41801873
I would never send an SQL string with a 'comment' in PHP.  There is just no reason to do that.  You can always save that info elsewhere in a PHP comment if you need it.  

And you never know what the drivers are going to do with it.  The database drivers in PHP don't just pass on the string in a lot of cases.  They read it and may parse it to make it conform to whatever the communication requirements are.

Author Comment

by:brucegust
ID: 41802005
See, here's the thing:

      $querystate = "select * from email_header
      where id>3
      order by header_name
      ";

That works.

This, however...

      $querystate = "select * from email_header
      where id>3
      --order by header_name
      ";

...doesn't even fire.

I think that what I'm looking at is a scenario where someone who's more in tune with T-SQL and MSSQL Studio was attempting to pop the hood on this page and made, what they thought was, an incremental edit, not knowing that it had the potential to be a dealbreaker.

Thanks!
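
Added example, not code from any poster in this thread: it shows where a `--` comment and a `/* */` comment end when the statement keeps its line breaks and when some layer flattens them, which is the concern raised in the answers above. It runs against in-memory SQLite through PDO (an assumption; the thread targets SQL Server), and the table, rows and the `flatten` and `countRows` helpers are constructed for illustration.

```php
<?php
// Added example. Table, rows and helper names are constructed.
// Assumes the pdo_sqlite extension; SQLite, like SQL Server, ends a "--"
// comment at the next line break and a "/* */" comment at its closing marker.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Account (AccountID INTEGER, StatusCode TEXT)");
$db->exec("INSERT INTO Account VALUES (1, 'OK'), (2, 'HD'), (3, 'OK')");

$accountId = 2;

// Same shape as the question: a "--" line sitting above the account filter.
// %d forces the id to an integer before it reaches the SQL text.
$lineComment = sprintf("select AccountID from Account
    where AccountID > 0
    --and StatusCode not in ('HD', 'ST')
    and AccountID = %d", $accountId);

// The accepted answer's suggestion: a block comment with an explicit end.
$blockComment = sprintf("select AccountID from Account
    where AccountID > 0
    /* and StatusCode not in ('HD', 'ST') */
    and AccountID = %d", $accountId);

// Hypothetical stand-in for any layer that flattens whitespace in the
// statement before the server parses it.
function flatten(string $sql): string
{
    return trim(preg_replace('/\s+/', ' ', $sql));
}

// Number of rows the statement returns.
function countRows(PDO $db, string $sql): int
{
    return count($db->query($sql)->fetchAll(PDO::FETCH_ASSOC));
}

// Does the PHP literal itself carry a line break? Check the bytes rather
// than output rendered as HTML, where line breaks are not shown.
var_dump(strpos($lineComment, "\n") !== false);

// Line breaks intact: "--" ends at the break and the account filter applies.
echo "line comment, as written: ", countRows($db, $lineComment), " row(s)\n";
// Flattened: everything after "--" is comment, the account filter included.
echo "line comment, flattened:  ", countRows($db, flatten($lineComment)), " row(s)\n";
// Block comment: same result either way, because the end marker is explicit.
echo "block comment, as written: ", countRows($db, $blockComment), " row(s)\n";
echo "block comment, flattened:  ", countRows($db, flatten($blockComment)), " row(s)\n";
```

With the flattened `--` version the account filter becomes part of the comment, so the statement is no longer scoped to one account; the `/* */` version is unaffected by how whitespace is handled.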