MariaDB Comment – How to use

In this MariaDB tutorial, we will study the use of the MariaDB Comment statement and we will also cover some examples. There are lists of the topic that comes under discussion:

• MariaDB comment
• MariaDB comment on column
• MariaDB comment syntax
• MariaDB comment sql injection
• MariaDB comment on table
• MariaDB comment utiliser
• MariaDB add comment to table
• MariaDB show database comment
• MariaDB change table comment
• MariaDB view comment

MariaDB Comment

As an aid to portability to different databases, MariaDB COMMENT supports different executable comments. These special comments are embedded in SQL code for you when run on other databases but will execute when running on MariaDB.

Comment Syntax:

There are three comment styles in MariaDB:

• Use a ‘#’ sign to the end of line:

DROP TABLE USA_MARVEL; #This is a usa_marvel table.

As we see in the above query, after executing the DROP TABLE statement we have used # sign to comment the use of query as per the user’s choice. Normally, the ‘#’ hash sign is used to write a single-line comment.

• Use a ‘–‘ sign at the end of the line. The space after two dashes is required as in MySQL and are shown below:

SELECT * FROM USA_HIGHSCHOOL;
-- Selecting all data from the usa_highschool table.

As we see in the above query, after executing the SELECT statement we have used the ‘–‘ DASH sign to comment on the use of query as per the user’s choice. Normally, it is used to comment to show what we are doing in that section, and as the comment section says “Selecting all data from the usa_highschool table.”

Normally, these “–“ DASH signs are used to write a single-line comment.

• C style comments from an opening ‘/*’ to closing ‘*/’ to this form can span multiple lines.

SELECT * FROM usa_hacker WHERE score>=50;

 /* Selecting all the data from the usa_hacker table. Also checking and 
 providing all data from the usa_hacker where score value is more than or equal to 50. */

As we see in the above query, we have used ‘/*’ opening comment and ‘*/’ closing comment to write an explanation of the query. As the comment was written – ” Selecting all the data from the usa_hacker table. Also checking and providing all data from the usa_hacker where score value is more than or equal to 50.“

Note: Nested comments are possibly used in some situations but they are not recommended or referred.

Also, check: MariaDB Date Function

MariaDB Comment on Column

In this section, we will learn how to add a comment to columns in MariaDB. This section will modify the table marvel_characters and add COMMENT to one of the columns named last_name. It is done by using ALTER statement by giving example below:

ALTER TABLE marvel_characters MODIFY COLUMN last_name VARCHAR(40) COMMENT "last name of marvel character";

As we want to check comment updated on the column, then write the below query:

SHOW FULL COLUMNS FROM marvel_characters;

As the above query says, by using ALTER TABLE statement to modify column and adding comment clause to add a comment as “last name of marvel_character”. And if we want to check comments then use the SHOW FULL COLUMNS statement.

Read: MariaDB IF Tutorial

MariaDB Comment Syntax

Normally, a MariaDB Comment is used to write for the explanation purpose of a query or the column. The syntax of the comment is given below:

SYNTAX:

1. By using ‘–‘ sign at the end of query.

 DROP TABLE USA_HACKER; --Dropping the usa_hacker from the database.

2. By using the ‘#’ sign at the end of the query.

SELECT * FROM USA_HACKER; #Selecting all data from usa_hacker table.

3. By using opening ‘/*’ to closing ‘*/’ in this form to span multiple lines.

SELECT * FROM Marvel_characters where marvel_id>=205;

/* Print all data from marvel_characters table. And selecting only data 
from table where marvel_id column is greater than or less than 205.*/

The sample example of the comment is given below:

SELECT * FROM dc_characters where dc_id>=103;

/* Print all data from dc_characters table. And selecting only data from table where dc_id column is greater than or less than 103. */

As we see in the above query, we have used ‘/*’ opening comment and ‘*/’ closing comment to write an explanation of the query. As the comment was written – “Print all data from dc_characters table. And selecting only data from a table where dc_id column is greater than or less than 103.“

Read: MariaDB DATEDIFF Function

MariaDB Comment SQL injection

In MariaDB, SQL injection refers to the stealing of data like private details, bank details, etc from other users without their authorization and it is done by hackers.

Normally while terminating a query properly in MariaDB, it is one of the main problems faced by the attacker while testing the query. The problem normally comes what follows by the user’s parameters. The MariaDB element is part of the query and the negative input must be formulated properly by the user to avoid syntax errors.

The example to illustrate the termination of a query by using the COMMENT clause. The weak script and attack are shown below:

THE SCRIPT TO BUILD A QUERY WITHOUT SANITIZING DATA:

SELECT hacker_nane, challenge_id FROM usa_hacker WHERE hacker_nane='".$value."' AND hacker_id>=2;

ATTACKER INPUT USING LINE COMMENTING:

admin' --

QUERY GENERATED:

SELECT hacker_nane,challenge_id FROM usa_hacker 
WHERE hacker_nane='admin' -- ' AND HACKER_ID>=2;

As we see in the above query, by using the COMMENT clause the attacker destroys the last condition and doesn’t want to handle the trailing section. The exact result could be achieved without using line commenting. It is also true for many subjects where user input is blended into the subquery.

The last position where comments can be used to facilitate an SQL injection is when multiple weak inputs are combined by the user in the same query. For that, he can use C-style comments to eliminate that part of the query. Below is an example:

REMOVES ALL DASHES AND NUMBER SIGNS FROM THE INPUT, THEN IT COMBINES THE QUERY:

INSERT INTO usa_hacker (hacker_nane, challenge_id) VALUES ('".$username."', 0)

ATTACKER’S INPUT (hacker_nane 1st, challenge_id 2nd LINE):

attacker', 102, /*

*/'90

QUERY GENERATED (ADMINISTRATOR RIGHTS):

INSERT INTO usa_hacker (hacker_nane, challenge_id,score) VALUES ('attacker', 102, /*', 0, '*/'90')

As it was mentioned before, these techniques are rarely used in real circumstances. However, it might be useful to overcome situations when:

• Other forms of comments are difficult to use(for eg- double dash is filtered by the application).
• Not possible to use stack queries.
• Not possible to make a union attacks.

Read: MariaDB Create Sequence

MariaDB Comment on Table

In MariaDB, we can provide a comment for each column using the COMMENT clause and it carries a maximum length of 1024 in it. Use the SHOW FULL COLUMNS statement to see column statements.

The syntax of the comment on the table is given below:

SYNTAX:

column-definition:
[comment 'string']

The sample example of comment on the table is given below:

EXAMPLE:

SHOW FULL COLUMNS FROM marvel_characters;

Read: MariaDB AUTO_INCREMENT

MariaDB Comment Utilizer

The comments are used to explain sections of the MariaDB query, or to prevent execution of the MariaDB statements.

MariaDB supports both Mysql’s executable comment method and also slightly updated version specific to MariaDB. If we have SQL code that will run both on MySQL and MariaDB but not on the other databases, we can envelop it in MySQL executable comment.

But if we have a code that takes advantage of these features available in MariaDB that we can use the MariaDB typical format that can hide the code from the Mysql.

The syntax of the MariaDB and the MySQL comments is given below:

SYNTAX:

/* ! MariaDB and MySQL executable comment syntax */

Execute a code by the version of MariaDB and MySQL:

SYNTAX VERSION:

/* ! ##### MySQL or MariaDB executable code here */

The numbers, represented by the ‘#####’ sign in the syntax example specify the minimum version of MariaDB that should execute the comment. The first number represents the major version, then the second 2 hash sign number represents the minor versions and the last 2 hash sign number represents the patch level.

For illustration, if we want to entrench some code that can execute on MySQL or MariaDB starting from the 5.1.0 version, then we would do as follows:

/* !50100 MySQL or MariaDB 5.1.0 (and above) code should goes here*/

Read: MariaDB Primary Key

MariaDB Add Comment to Table

In this section, we will learn how to add a comment on a table in the MariaDB database. For this implementation, we will create a USA_workfromhome table and add comments to one of the columns named emp_name.

CREATE TABLE usa_workfromhome(
  WFH_id int NOT NULL AUTO_INCREMENT PRIMARY KEY,
  emp_id int DEFAULT NULL,
  emp_name VARCHAR(50) DEFAULT NULL COMMENT "name of employee",
  emp_designation VARCHAR(50) DEFAULT NULL
);

SHOW FULL COLUMNS FROM usa_workfromhome;

As the above query says while creating the table by using CREATE TABLE statement and adding comments by using the COMMENT clause as the name of an employee. If we want to show already added comments to users then use the SHOW FULL COLUMNS statement.

Read: MariaDB Delete Row + Examples

MariaDB Show Database Comment

In MariaDB, there are three ways to add comments to the database or the table. The syntax to show database comments is given below:

SYNTAX:

1. By using ‘#’ sign to add comment in the database:

SHOW DATABASES; 
#To show all the databases.

2. By using the ‘–‘ sign to add comments in the database:

SHOW DATABASES;
-- To show all databases under the assigned username.

3. By using the opening ‘/*’ sign and the closing ‘*/’ sign in the database:

SHOW DATABASES;
/* To show all datbases under the assigned username. */

The sample example to show comments on the database is given below:

EXAMPLE:

SHOW DATABASES;
# showing all databases.

As we see in the above query, we have added a comment by using the ‘#’ sign to put a comment as “showing all databases“. So that other programmers can understand the use of writing this comment for the query.

Read: MariaDB Cast with Examples

MariaDB Change Table Comment

In this section, we will change the table comment by using ALTER statement and under using MODIFY clause to change the statement of the column. If we want to review the modification of the comment then we will use SHOW FULL COLUMN statement.

BEFORE COMMENT MODIFICATION:

SHOW FULL COLUMNS FROM usa_workfromhome;

As we see in the above query, before modification of comment in the usa_workfromhome table. The comment of the emp_name column was Enter the employer name.

AFTER COMMENT MODIFICATION:

ALTER TABLE marvel_characters MODIFY COLUMN last_name VARCHAR(40) COMMENT "last name of marvel character";

SHOW FULL COLUMNS FROM usa_workfromhome;

As we see in the above query, we have changed the comment name from “Enter the employer’s name” to “Employer’s Name” by using ALTER TABLE statement including with MODIFY COLUMN clause and also with COMMENT constraint.

If we want to see the modification which is done to comment on that column then we need to use the SHOW FULL COLUMNS statement.

Read: MariaDB Substring [11 Examples]

MariaDB View Comment

In this section, we will learn how to view comments of columns. We are going to view comments of any MariaDB comment by using the SHOW FULL COLUMNS statement.

The syntax to view comments of a table is given below:

SYNTAX:

SHOW FULL COLUMNS FROM [table_name];

Use MariaDB query:–

SHOW FULL COLUMNS FROM marvel_characters;

As we see in the above query, we have added a comment to the first_name column of the marvel_character table. If we want to view it then set the query by using the SHOW FULL COLUMNS statement.

Also, take a look at some more MariaDB tutorials.

• MariaDB LIKE Operator [7 Examples]
• MariaDB Insert Into + Examples
• How to Create View in MariaDB
• Replace Function in MariaDB [9 Examples]

In this tutorial, we have learned about the MariaDB Comment using some examples. Moreover, we have also covered the following topics in this tutorial as given below:

• MariaDB comment
• MariaDB comment on column
• MariaDB comment syntax
• MariaDB comment sql injection
• MariaDB comment on table
• MariaDB comment utiliser
• MariaDB add comment to table
• MariaDB change table comment
• MariaDB view comment