Spec-Zone .ru
спецификации, руководства, описания, API

1.8.5.5. '--' as the Start of a Comment

Standard SQL uses the C syntax /* this is a comment */ for comments, and MySQL Server supports this syntax as well. MySQL also support extensions to this syntax that enable MySQL-specific SQL to be embedded in the comment, as described in Section 9.6, "Comment Syntax".

Standard SQL uses "--" as a start-comment sequence. MySQL Server uses "#" as the start comment character. MySQL Server 3.23.3 and up also supports a variant of the "--" comment style. That is, the "--" start-comment sequence must be followed by a space (or by a control character such as a newline). The space is required to prevent problems with automatically generated SQL queries that use constructs such as the following, where we automatically insert the value of the payment for payment: 

UPDATE account SET credit=credit-payment

Consider about what happens if payment has a negative value such as -1: 

UPDATE account SET credit=credit--1

credit--1 is a valid expression in SQL, but "--" is interpreted as the start of a comment, part of the expression is discarded. The result is a statement that has a completely different meaning than intended: 

UPDATE account SET credit=credit

The statement produces no change in value at all. This illustrates that permitting comments to start with "--" can have serious consequences.

Using our implementation requires a space following the "--" for it to be recognized as a start-comment sequence in MySQL Server 3.23.3 and newer. Therefore, credit--1 is safe to use.

Another safe feature is that the mysql command-line client ignores lines that start with "--".

The following information is relevant only if you are running a MySQL version earlier than 3.23.3:

If you have an SQL script in a text file that contains "--" comments, you should use the replace utility as follows to convert the comments to use "#" characters before executing the script: 

shell> replace " --" " #" <
        text-file-with-funny-comments.sql \         | mysql db_name

That is safer than executing the script in the usual way: 

shell> mysql db_name < text-file-with-funny-comments.sql

You can also edit the script file "in place" to change the "--" comments to "#" comments: 

shell> replace " --" " #" --
        text-file-with-funny-comments.sql

Change them back with this command: 

shell> replace " #" " --" --
        text-file-with-funny-comments.sql

See Section 4.8.2, "replace — A String-Replacement Utility".

Copyright © 1997, 2013, Oracle and/or its affiliates. All rights reserved.Legal Notices
Home