PhpStorm 2017.2 Help

Running Injected SQL Statements

You can inject an SQL statement into a string literal and then run that statement:

  1. In the editor, place the cursor within the corresponding string literal.
  2. Do one of the following:
    • Press Ctrl+Enter.
    • Press Alt+Enter and select Run query in console.
    • Click the intention bulb icon and select Run query in console.
  3. If asked, select the database console to be used.
  4. If the statement contains parameters, specify the parameter values.

Configuring sprintf Format References

You can have PhpStorm recognize sprintf format references in injected SQL strings:

  1. Open the Settings / Preferences Dialog by pressing Ctrl+Alt+S or by choosing File | Settings for Windows and Linux or PhpStorm | Preferences for macOS. Expand the Tools node, and then click User Parameters under Database.
  2. Select the Enable in console and SQL files and Enable in string literals with SQL injection check boxes.
  3. In the Parameter Patterns list:
    1. Click the %\w+ pattern. PhpStorm expands a hidden area with the configuration settings for the pattern.
    2. Select the In scripts and In literals check boxes.
    3. Click the <Language> link and select PHP in the drop-down list.
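
To see which parts of a PHP SQL string the %\w+ pattern selected above picks up, the following added example (not part of the PhpStorm documentation) applies the same expression with preg_match_all. It assumes the pattern is applied as an ordinary regular-expression search; the queries, the table and column names, and the findParameters helper are constructed for illustration.

```php
<?php
// Added example, not from the PhpStorm documentation.
// Assumption: the parameter pattern behaves as a plain regex search.

// The pattern shown in the Parameter Patterns list.
const PARAM_PATTERN = '/%\w+/';

/**
 * Hypothetical helper: return every substring of $sql that the
 * pattern would treat as a parameter reference.
 */
function findParameters(string $sql): array
{
    preg_match_all(PARAM_PATTERN, $sql, $matches);
    return $matches[0];
}

// Constructed sample queries covering common sprintf forms.
$samples = [
    // Plain conversion specifiers.
    'SELECT * FROM users WHERE id = %d AND name = \'%s\'',
    // Padding and width digits are word characters.
    'SELECT * FROM orders WHERE code = \'%05d\'',
    // Positional argument: "$" is not a word character.
    'SELECT * FROM users WHERE id = %1$d',
    // Escaped percent signs around a specifier inside LIKE.
    "SELECT * FROM users WHERE name LIKE '%%%s%%'",
    // Non-sprintf string with a LIKE wildcard followed by letters.
    "SELECT * FROM users WHERE name LIKE '%smith'",
];

foreach ($samples as $sql) {
    $found = findParameters($sql);
    echo $sql, PHP_EOL;
    echo '  matched: ', $found ? implode(', ', $found) : '(none)', PHP_EOL;
}
```

Because \w does not match "$", the match for a positional specifier such as %1$d ends at %1, and a LIKE wildcard followed directly by letters is matched as if it were a parameter.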
Last modified: 28 November 2017
