Holger Hinnendahl Newbie 1 posts since
Jan 25, 2013
Jan 25, 2013 12:04 PM

Question about Language Injection PHP -> MySQL CodeCompletion

Hi @all,

 

I have a question about the language injection in PhpStorm.

I love the code completion in PhpStorm when writing a SQL query with PHP. The code completion gives me full access to all the tables and cols of my database.

But when I'm using a function in the query (for safe queries), I have to use the concatenation operator "."

And now the lovely code completion for language injections is gone for my query (see attached screenshot).

 

I have looked into the settings for the language injections, but I didn't understand the code:

+ phpLiteralExpression().withText(string().matchesBrics(" *(((SELECT|DELETE) .*FROM)|((INSERT|REPLACE) .*INTO)|(UPDATE .*SET)|((CREATE|DROP|ALTER) +(TABLE|INDEX))) .*"))

 

Is there any chance to fix this?

The same happens, when writing HTML with PHP.

 

This way, language injection works perfectly for HTML code completion.

$output = '<div id="header">Some sample Text...</div>';

 

This way, I have no code completion for the HTML code.

$var = 'Some sample Text...';

$output = '<div id="header">'.$var.'</div>';

 

Thanks and best regards,

Holger

Andriy Bazanov Master 4,194 posts since
May 28, 2010
Jan 25, 2013 2:09 PM in response to: Holger Hinnendahl
Re: Question about Language Injection PHP -> MySQL CodeCompletion

Hi Holger,

 

For that particular syntax (concatenation is used) -- NO. Please watch/vote for this ticket to get notified when this is supported: http://youtrack.jetbrains.com/issue/WI-534

 

Generally speaking I see 2 workarounds:

1) escape variables in advance:

 

be it the same variable

$var = safe($var);

$sql = "SELECT * FROM someTable WHERE (someField = '{$var}')";

or via intermediate variable (array):

$params['var1'] = safe($var);

$params['var2'] = safe($anotherVar);

$sql = "SELECT * FROM someTable WHERE (someField = '{$params['var1']}') AND (anotherField = '{$params['var2']}')";

 

2) if you are using such assignments inside some class, add such a safe() function to it (or some sort of reference), so you can use it as you go. For example:

class SafeClass
{
    protected function safe($var)
    {
        // escape your text here
    }

    public function buildQuery($var)
    {
        $sql = "SELECT * FROM someTable WHERE (someField = '{$this->safe($var)}')";
        echo $sql;
    }
}
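
Added example, not part of Andriy's reply or of any project code: binding the values with a PDO prepared statement also keeps the query as one uninterrupted string literal of the kind the injection pattern quoted in the question matches, and it needs no safe() call because the values never become part of the SQL text. The table and column names follow the thread; the in-memory SQLite database, the sample rows and the findRows() helper are assumptions made so the script runs offline.

```php
<?php
declare(strict_types=1);

// Constructed test database. For MySQL only the DSN and credentials change,
// e.g. new PDO('mysql:host=...;dbname=...', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE someTable (id INTEGER PRIMARY KEY, someField TEXT, anotherField TEXT)');

// Constructed sample rows, inserted through a prepared statement as well.
$insert = $pdo->prepare('INSERT INTO someTable (someField, anotherField) VALUES (:f, :a)');
foreach ([['alpha', 'one'], ["O'Reilly", 'two']] as [$f, $a]) {
    $insert->execute([':f' => $f, ':a' => $a]);
}

/**
 * Hypothetical helper: looks up rows by two user-supplied values.
 * The SQL is a single literal with named placeholders, so there is
 * no "." concatenation and no escaping step inside the query text.
 */
function findRows(PDO $pdo, string $var, string $anotherVar): array
{
    $sql = 'SELECT * FROM someTable WHERE (someField = :var1) AND (anotherField = :var2)';
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':var1' => $var, ':var2' => $anotherVar]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// A value containing a quote is compared as data against the stored row.
$rows = findRows($pdo, "O'Reilly", 'two');
echo 'rows for value with a quote: ', count($rows), PHP_EOL;

// Quote characters and SQL keywords in the input do not alter the statement;
// the whole string is compared against someField as a literal value.
$rows = findRows($pdo, "alpha' OR '1'='1", 'one');
echo 'rows for value with embedded SQL text: ', count($rows), PHP_EOL;
```

Placeholders can only stand in for values; table and column names still have to be written into the literal itself.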
