PhpStorm 2021.2 Help

User Parameters

Generally, only the question mark ? is treated as a parameter in SQL statements. On this page, you can specify which other characters and their sequences should be treated as parameters, and in which places.

The patterns for SQL parameters are specified by means of regular expressions.

Executing parameterized statements

If you have parameters in your statement, you must specify the values of the parameters before you execute the statement.

  • To execute a parameterized statement, click the Execute button the Execute button on the toolbar and enter values in the second column. Alternatively, to open the Parameters dialog, click the View Parameters button the View Parameters button.

    Execute a parametrized statement

Configure settings for user parameters

  • Open settings by pressing Ctrl+Alt+S and navigate to Tools | Database | User Parameters. See description of user parameters in the following table.

User parameters

Item

Description

Enable in query consoles and SQL files

Apply parameter patterns to SQL in SQL files and database consoles. You can limit the usage scope at the level of individual patterns.

If this checkbox is cleared, the patterns are not used in SQL files and consoles irrespective of the usage scope that is specified for individual patterns.

Enable in string literals with SQL injection

Apply parameter patterns to string literals injected with SQL. If necessary, you can limit the usage scope at the level of individual patterns.

If this checkbox is cleared, the patterns are not used in string literals irrespective of the usage scope that is specified for individual patterns.

Substitute inside SQL strings

Apply parameter patterns to string literals in the SQL code.

For example, consider the following code.

SELECT ${column_name} FROM actor WHERE actor_id='${actor_id}'

If the checkbox is cleared, PhpStorm will find only the column_name parameter in it. The actor_id parameter is treated as a string.

settings.substitute.inside.sql.strings

But if you select the Substitute inside SQL strings option, the actor_id parameter is treated as a user parameter.

settings.substitute.inside.sql.strings

Parameter patterns

List of parameter patterns and their usage scopes.

The patterns are specified using regular expressions. Values that start with a colon (:) or located in parentheses are treated as parameter names. The patterns available initially have the following meanings:

  • \?(\d+) - a question mark followed by one or more digits, for example, ?69 in which case 69 would be the parameter name.

  • %\w+ - % followed by one or more word characters, for example, %xyz.

    To have PhpStorm recognize sprintf format references in injected SQL strings:

    1. Click the %\w+ pattern. PhpStorm expands a hidden area with the configuration settings for the pattern.

    2. Select the In scripts and In literals checkboxes.

    3. Click the <Language> link and select PHP in the list.

  • \$\{([^$\{\}]*)\} - $, then {, then any character except $, { or } zero or more times, then }, for example, ${}, ${value}.

  • \$\(([^\)]+)\) - $, then (, then any character except ) one or more times, then ), for example, $(x).

  • \$(\w+)\$ - $, then one or more word characters, then $ again, for example, $x1$.

  • \#(\w+)\# - #, then one or more word characters, then # again, for example, #field_3#.

Use the Add button Alt+Insert, the Remove button Alt+Delete, the Previous Occurrence button Alt+Up and the Next Occurrence button Alt+Down to add, delete and reorder the patterns.

To edit a pattern or its usage scope, click the pattern and use the following controls:

  • In scripts: clear this checkbox if the pattern must not be used in SQL files and database consoles.

  • In literals: clear this checkbox if the pattern must not be used in string literals injected with SQL.

  • All languages: click the link and clear language checkboxes where you do not want to use the pattern.

Last modified: 14 September 2021