Comments on: Beware of Comments in SQL

By: Eddie Awad

Eddie Awad — Mon, 15 Oct 2007 19:53:33 +0000

Good one Coskan. By the way, Gary and William, I have fixed the formatting in the comments, so the line breaks and the /* */ are preserved.

By: coskan

coskan — Mon, 15 Oct 2007 11:58:37 +0000

and what about this

http://coskan.wordpress.com/2007/04/23/oracle-idiosyncrasies-2/

By: Pythian Group Blog » Blog Archive » Log Buffer #66: a Carnival of the Vanities for DBAs

Fri, 12 Oct 2007 16:40:54 +0000

[…] Awad reminds us, beware of comments in SQL. Beware also of SQL injection. It is no laughing matter, I assure you. Nonetheless, Andrew Clarke […]

By: William Robertson

William Robertson — Wed, 10 Oct 2007 23:30:27 +0000

…only with the line breaks I posted left in…

By: William Robertson

William Robertson — Wed, 10 Oct 2007 23:29:22 +0000

Well, duh

Though it did remind me of the colleague who couldn’t work out why he got a “missing expression” error with something like this:

EXECUTE IMMEDIATE
‘SELECT –+ FULL(e) ‘ ||
‘ COUNT(*) ‘ ||
‘FROM emp e ‘ ||
‘WHERE e.empno = 42′ INTO v;

By: Eddie Awad

Eddie Awad — Wed, 10 Oct 2007 22:43:33 +0000

William, sure, if you want to be picky I can be even pickier: “Beware of double hyphen style comments in Oracle Forms LOV definitions”.

But, I can think of at least a couple of situations that have nothing to do with LOVs in Oracle Forms and where double hyphen style comments inside SQL can cause problems.

While debugging ColdFusion web applications, the SQL used in these applications is logged, usually as a long string with no line breaks. Having a double hyphen comment in the middle of it will cause a problem when trying to execute it as is. I usually need to edit the SQL first, which is a hassle. I think this is indirectly related to Gary’s comment above.

The second situation is, well, rather simple. For example:

SQL> select * from dual;

D
-
X

SQL> select * -- comment here from dual;
select * -- comment here from dual
                                 *
ERROR at line 1:
ORA-00923: FROM keyword not found where expected

SQL> select * /* comment here */ from dual;

D
-
X

Powel also shared an interesting thing about comments in SQL*Plus.

By: William Robertson

William Robertson — Wed, 10 Oct 2007 22:10:27 +0000

So you mean, “Beware of comments in Oracle Forms LOV definitions”? That’s not the same thing as “Beware of Comments in SQL”.

By: Eddie Awad

Eddie Awad — Wed, 10 Oct 2007 15:14:29 +0000

Matt, thanks for your tip too. I agree with you, hardcoding should be avoided. However, the query above is not the actual query that is used in the form. I just used a simple query here for demonstration purposes and to illustrate the problem that we faced.

By: Matt

Matt — Wed, 10 Oct 2007 14:14:34 +0000

Huh, I’ve never experienced that so thanks for the tip. However, the biggest sin he committed was hard-coding a value instead of referencing the block.field value. Think of the noobs who will see this and do the same.

By: Eddie Awad

Eddie Awad — Tue, 09 Oct 2007 22:30:53 +0000

Gary, right, it's better. The only disadvantage of the slash and asterisk commenting style is that it requires more typing than the double hyphen.

By the way, the stupid Markdown syntax ate the asterisks *. Sorry. I used the backslash \ to escape it.