Variables insert with extra $ in SQL strings

I have run into this issue quite a bit when working with multiline SQL strings, and am hoping someone knows how I can fix this. I have searched but not been able to find it mentioned elsewhere, so I'm inclined to believe this is more me doing something wrong rather than a bug.

In the following SQL, I get an extra $ when I use autocomplete:

$query = "SELECT title FROM books WHERE code=$$code";

In order to get autocomplete to display, I have to enter the leading $, but the $ does not get highlighted pink like the rest of the text I am typing, or like it would in PHP code outside the string, and when I select the variable from the list, it inserts a second $. I am used to autocomplete just working anywhere else, so occasionally I don't notice the extra $ and it slips through. Any advice on what settings or changes I can make to stop this from happening?

In case it is relevant, I am using SQL Syntax Only injection for the project.

1 comment

Hi there,

Known issue:

Possible workaround -- do not type initial $ -- invoke code completion popup manually (Ctrl+Space) and start typing variable name without dollar -- works for me. If you want to see only PHP stuff there and exclude any possible SQL-related items (keywords, tables, field names, etc.), use {} so the final result would be $query = "SELECT title FROM books WHERE code={$code}";

