1 Replies Last post: Jan 25, 2013 2:09 PM by Andriy Bazanov  
Holger Hinnendahl Newbie 1 posts since
Jan 25, 2013
Currently Being Moderated

Jan 25, 2013 12:04 PM

Question about Language Injection PHP -> MySQL CodeCompletion

Hi @all,


i have a question about the language injection in phpStorm.

I love the code completion in phpStorm, when writing a sql query with php. The code completion give me full access to all the tables and cols of my database.

But when im using a function in the query (for safe querys), i have to use the concatenation      operator "."

And now, the lovely code completion for language injections is gone for my query (see attached screenshot).


I have looked into the settings for the language injections, but i didnt understand the code:

+ phpLiteralExpression().withText(string().matchesBrics(" *(((SELECT|DELETE) .*FROM)|((INSERT|REPLACE) .*INTO)|(UPDATE .*SET)|((CREATE|DROP|ALTER) +(TABLE|INDEX))) .*"))


Is there any chance, to fix this?

The same happens, when writing HTML with PHP.


With this way, language injection works perfect for HTML code completion.

$output = '<div id="header">Some sample Text...</div>';


With this way, i have no code completion for the HTML code.

$var = 'Some sample Text...';

$output = '<div id="header">'.$var.'</div>';


Thanks and best regards,


Andriy Bazanov Master 5,100 posts since
May 28, 2010
Currently Being Moderated
Jan 25, 2013 2:09 PM in response to: Holger Hinnendahl
Re: Question about Language Injection PHP -> MySQL CodeCompletion

Hi Holger,


For that particular syntax (concatenation is used) -- NO. Please watch/vote this ticket to get notified when this will be supported: http://youtrack.jetbrains.com/issue/WI-534


Generally speaking I see 2 workarounds:

1) escape variables in advance:


be it the same variable

$var = safe($var);

$sql ="SELECT * FROM someTable WHERE (someField = {$var})";

or via intermediate variable (array):

$params['var1'] = safe($var);

$params['var2'] = safe($anotherVar);

$sql = "SELECT * FROM someTable WHERE (someField = '{$params['var1']}') AND (anotherField = '{$params['var2']}')";


2) if you are using such assignments inside some class, add such safe() function to it (or some sort of reference), so you can use it as you go. For example:

class SafeClass
    protected function safe($var)
        // escape your text here


    public function buildQuery($var)
        $sql = "SELECT * FROM someTable WHERE (someField = '{$this->safe($var)}')";
        echo $sql;

More Like This

  • Retrieving data ...