Embedded SQL syntax error looks right to me...

The following statement is getting flagged with a syntax error:

$query = 'INSERT INTO saved_orders ('.implode(', ', array_keys($FieldArray)).') VALUES ('.implode(', ', array_values($FieldArray)).')';


I agree it might not be "elegant" but it is deserving of "<reference> expected, got '${'" with the red squiggle underlining the ' following the first (?

Matt

3 comments
Comment actions Permalink

Hi there,

I agree it might not be "elegant"

.. and not very safe (I, for example, have no idea how $FieldArray was made -- how it handles textual fields etc). Better use prepared statements with placeholders...

but it is deserving of "<reference> expected, got '${'" with the red squiggle underlining the ' following the first (?

Well .. from MySQL point of view it's a total mess. IDE still manages to treat SQL strings with PHP variables in it .. but not such rather complex concatenations...


Right now I may only suggest to tell IDE to treat this string either as plain string or just a Generic SQL (where only code/keywords highlighting works -- not checking for actual SQL errors)

$query = /** @lang Text */ 'INSERT INTO saved_orders ('.implode(', ', array_keys($FieldArray)).') VALUES ('.implode(', ', array_values($FieldArray)).')';

or

$query = /** @lang GenericSQL */ 'INSERT INTO saved_orders ('.implode(', ', array_keys($FieldArray)).') VALUES ('.implode(', ', array_values($FieldArray)).')';
0
Comment actions Permalink

Thanks for your response!

Better use prepared statements with placeholders...

This is on the roadmap. This isn't a public facing project so we feel there are bigger fish to fry before we clean up the database layer of the app.

Well .. from MySQL point of view it's a total mess. IDE still manages to treat SQL strings with PHP variables in it .. but not such rather complex concatenations...

I'm not sure why it counts as a total mess: Insert one or more fields with one or more values. Seems simple to me... unless I'm missing something... <honestly confused>

$query = /** @lang Text */ 'INSERT INTO saved_orders ('.implode(', ', array_keys($FieldArray)).') VALUES ('.implode(', ', array_values($FieldArray)).')';

If I do either of these then the code after the closing */ is getting pushed onto the next line... It works but it is a bit ugly. I'd prefer to put that on the previous line but then it fails to suppress the error.

$query = /** @lang GenericSQL */ 'INSERT INTO saved_orders ('.implode(', ', array_keys($FieldArray)).') VALUES ('.implode(', ', array_values($FieldArray)).')';

This version reduces the severity of the problem... It goes from being an error (red flagged) to a warning (yellow flagged) that the "SQL Dialect is not configured...". If I could globally supress the SQL Dialect warning (without affecting other warnings) I'd consider this solved.

Thanks again!

Matt

0
Comment actions Permalink
It goes from being an error (red flagged) to a warning (yellow flagged) that the "SQL Dialect is not configured...". If I could globally supress the SQL Dialect warning (without affecting other warnings) I'd consider this solved.

So ... just disable that inspection in Settings/Preferences -- there are not so many of them under SQL branch to find the one you need (can easily be found by its' name).

0

Please sign in to leave a comment.