Error observed: Define a constant instead of duplicating this literal "SQL STATEMENT" n times.
Steps to reproduce
Create a couple of SQL queries/statements in PHP (later used with PDO), for example creating a bunch of tables.
You might end up repeating TEXT NOT NULL or whatever you have to pass as table definitions, like in this example: PHP MySQL Create Table
Just repeat that to create several tables rather than one, each table having at least a couple of NOT NULL or whatever other statements you need for the tables.
Copy pasta code:
```php
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

// sql to create table
$sql = "CREATE TABLE MyGuests (
    id INT(6) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
    firstname VARCHAR(30) NOT NULL,
    anothername VARCHAR(30) NOT NULL,
    morename VARCHAR(30) NOT NULL,
    evenmore VARCHAR(30) NOT NULL,
    lastname VARCHAR(30) NOT NULL,
    email VARCHAR(50),
    reg_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
)";

if ($conn->query($sql) === TRUE) {
    echo "Table MyGuests created successfully";
} else {
    echo "Error creating table: " . $conn->error;
}

$conn->close();
```
I do not consider it smart to create constants (! cluttering global space?) or variables just because I repeat that text in SQL statements.
Am I missing something?
Or could SonarCloud be improved to not complain on such (I consider) false alarms?
I’ve moved your post to the section on reporting false-positives. Please read this post:
Specifically, it would be good if you could add a code snippet where the issue is raised and you think it shouldn’t (so our developers can trivially reproduce the issue).
Perhaps I can share access to the actual source where this happens?
It might be easier to replicate?
It is, however, a private repo, but I have shared access to it in the past with someone here; I think it was @Hendrik_Buchwald
Thank you for providing the project. I have cloned and analyzed it. The 5 issues you see in the file classes/class-x-install.php, lines 219-224, are not false positives. In your case, this rule doesn’t make it so reasonable in this context.
In order not to have the issue reoccur in your case, even if you mark the first issues as "Won’t fix", you need to disable the rule for this file. This works via the settings General Settings > Analysis Scope > Ignore Issues on Multiple Criteria. Here you can enter the rule php:S1192 and the respective file (in this case classes/class-x-install.php).
For more information on how to customize the analysis, see Narrowing the Focus in the documentation.
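
The same exclusion written as analysis properties, as an added example that is not part of the original reply. It assumes a scanner-based analysis configured through a `sonar-project.properties` file; `e1` is an arbitrary label chosen here.

```properties
# Assumption: scanner-based analysis reading sonar-project.properties.
# "e1" is an arbitrary label that ties the rule key to the file pattern.
sonar.issue.ignore.multicriteria=e1

# Rule to silence: the duplicated string literal rule named in the reply.
sonar.issue.ignore.multicriteria.e1.ruleKey=php:S1192

# Only this file is affected; the rule stays active for the rest of the project.
sonar.issue.ignore.multicriteria.e1.resourceKey=classes/class-x-install.php
```

Scoping the exclusion to one rule and one file keeps the remaining PHP rules reporting on the installer class.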