18.104.22.168 '--' as the Start of a Comment
Standard SQL uses the C syntax
/* this is a comment */ for comments, and MySQL Server supports this syntax as well. MySQL also support extensions to this syntax that enable MySQL-specific SQL to be embedded in the comment, as described in Section 9.6, “Comment Syntax”.
Standard SQL uses “
--” as a start-comment sequence. MySQL Server uses
# as the start comment character. MySQL Server also supports a variant of the
-- comment style. That is, the
-- start-comment sequence must be followed by a space (or by a control character such as a newline). The space is required to prevent problems with automatically generated SQL queries that use constructs such as the following, where we automatically insert the value of the payment for
UPDATE account SET credit=credit-payment
Consider about what happens if
payment has a negative value such as
UPDATE account SET credit=credit--1
credit--1 is a valid expression in SQL, but
-- is interpreted as the start of a comment, part of the expression is discarded. The result is a statement that has a completely different meaning than intended:
UPDATE account SET credit=credit
The statement produces no change in value at all. This illustrates that permitting comments to start with
-- can have serious consequences.
Using our implementation requires a space following the
-- for it to be recognized as a start-comment sequence in MySQL Server. Therefore,
credit--1 is safe to use.
Another safe feature is that the mysql command-line client ignores lines that start with