Define a constant instead of duplicating this literal "SQL STATEMENT" n times

  • ALM used: GitHub
  • CI system used (not sure)
  • Languages of the repository: PHP
  • Error observed: Define a constant instead of duplicating this literal "SQL STATEMENT" n times.
  • Steps to reproduce

Create a couple SQL Queries/Statements in PHP (later used with PDO) for example creating a bunch of tables.
You might end up with repeating TEXT NOT NULL or whatever you have to pass as table definitions like this example PHP MySQL Create Table

Just repeat that to create several tables rather than one, each table having at least a couple NOT NULL or whatever else statements you need for the tables.

Copy pasta code:

$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
  die("Connection failed: " . $conn->connect_error);
} 

// sql to create table
$sql = "CREATE TABLE MyGuests (
id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY, 
firstname VARCHAR(30) NOT NULL,
anothername VARCHAR(30) NOT NULL,
morename VARCHAR(30) NOT NULL,
evenmore VARCHAR(30) NOT NULL,
lastname VARCHAR(30) NOT NULL,
email VARCHAR(50),
reg_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
)";

if ($conn->query($sql) === TRUE) {
  echo "Table MyGuests created successfully";
} else {
  echo "Error creating table: " . $conn->error;
}

$conn->close();

I do not consider it smart to create constants (! cluttering global space?) or variables just because I repeat that text in SQL Statements.

Do I miss something?
Or could SonarCloud be improved to not complain on such (I consider) false alarms?

Hey there.

I’ve moved your post to the section on reporting false-positives. Please read this post:

Specifically, it would be good if you could add a code snippet where the issue is raised and you think it shouldn’t (so our developers can trivially reproduce the issue).

Thanks - updated the OP with some more details.

Hi @smileBeda,

sorry for the late response.
Can you provide a better reproducer? We cannot see any literal duplication in your snippet.

Best,
Nils

Perhaps I can share access to the actual source where this happens?
It might be easier to replicate?
It is however a private repo, but I have shared the access to it in the past to someone here, I think it was @Hendrik_Buchwald

Hey Beda, are you referring to uhleloX? It seems to be public now?

Indeed, sorry, I made it public over the past few days.

The code is this function uhleloX/class-x-install.php at add933e4698c3ff8beb8b16dc550760337778f7b · uhleloX/uhleloX · GitHub

1 Like

Hello @smileBeda ,

thank you for providing the project. I have cloned and analyzed it. The 5 issues you see in the file classes/class-x-install.php line 219-224 are not false positives. In your case, this rule doesn’t make it so reasonable in this context.

In order not to have the issue reoccur in your case, even if you mark the first issues as "Won’t fix", you need to disable the rule for this file. This works via the settings General Settings > Analysis Scope > Ignore Issues on Multiple Criteria. Here you can enter the rule php:S1192 and the respective file (in this case classes/class-x-install.php).

For more information on how to customize the analysis, see Narrowing the Focus in the documentation.

I hope I could help you.

1 Like
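An alternative to disabling the rule, as an added example that is not part of the thread or of the uhleloX code: the pattern the question describes (the same column definition repeated across several CREATE TABLE statements) can be written with class-scoped constants, which do not touch the global namespace. The class, table and column names are hypothetical, and SQLite is used instead of the thread's MySQL only so the snippet runs offline.

```php
<?php
declare(strict_types=1);

// Added illustration; class, table and column names are hypothetical.
final class SchemaInstaller
{
    // Class-scoped constants: nothing is added to the global namespace.
    private const REQUIRED_TEXT = 'TEXT NOT NULL';
    private const PRIMARY_KEY = 'INTEGER PRIMARY KEY';

    // table => column => type; every fragment is a compile-time constant,
    // so no request data can reach the DDL string.
    private const TABLES = [
        'users' => [
            'id' => self::PRIMARY_KEY,
            'login' => self::REQUIRED_TEXT,
            'email' => self::REQUIRED_TEXT,
        ],
        'pages' => [
            'id' => self::PRIMARY_KEY,
            'title' => self::REQUIRED_TEXT,
            'body' => self::REQUIRED_TEXT,
        ],
    ];

    /** @return array<string, string> table name => CREATE TABLE statement */
    public static function statements(): array
    {
        $out = [];
        foreach (self::TABLES as $table => $columns) {
            $defs = [];
            foreach ($columns as $name => $type) {
                $defs[] = "$name $type";
            }
            $out[$table] = "CREATE TABLE IF NOT EXISTS $table ("
                . implode(', ', $defs) . ')';
        }
        return $out;
    }
}

// Constructed demo on an in-memory SQLite database (requires pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
foreach (SchemaInstaller::statements() as $sql) {
    $pdo->exec($sql);
}
echo implode(PHP_EOL, SchemaInstaller::statements()), PHP_EOL;
```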
