Question about Language Injection PHP -> MySQL CodeCompletion

Hi @all,

i have a question about the language injection in phpStorm.
I love the code completion in phpStorm, when writing a sql query with php. The code completion give me full access to all the tables and cols of my database.
But when im using a function in the query (for safe querys), i have to use the concatenation      operator "."
And now, the lovely code completion for language injections is gone for my query (see attached screenshot).

I have looked into the settings for the language injections, but i didnt understand the code:
+ phpLiteralExpression().withText(string().matchesBrics(" *(((SELECT|DELETE) .*FROM)|((INSERT|REPLACE) .*INTO)|(UPDATE .*SET)|((CREATE|DROP|ALTER) +(TABLE|INDEX))) .*"))

Is there any chance, to fix this?
The same happens, when writing HTML with PHP.

With this way, language injection works perfect for HTML code completion.
$output = '<div id="header">Some sample Text...</div>';

With this way, i have no code completion for the HTML code.
$var = 'Some sample Text...';
$output = '<div id="header">'.$var.'</div>';

Thanks and best regards,

1 comment

Hi Holger,

For that particular syntax (concatenation is used) -- NO. Please watch/vote this ticket to get notified when this will be supported:

Generally speaking I see 2 workarounds:
1) escape variables in advance:

be it the same variable

$var = safe($var);
$sql ="SELECT * FROM someTable WHERE (someField = {$var})";

or via intermediate variable (array):

$params['var1'] = safe($var);
$params['var2'] = safe($anotherVar);
$sql = "SELECT * FROM someTable WHERE (someField = '{$params['var1']}') AND (anotherField = '{$params['var2']}')";

2) if you are using such assignments inside some class, add such safe() function to it (or some sort of reference), so you can use it as you go. For example:

class SafeClass
    protected function safe($var)
        // escape your text here

    public function buildQuery($var)
        $sql = "SELECT * FROM someTable WHERE (someField = '{$this->safe($var)}')";
        echo $sql;


Please sign in to leave a comment.