PHP :: Bug #50323 :: No ability to connect to database named 't;', no chance to escape semicolon

Bug #50323

No ability to connect to database named 't;', no chance to escape semicolon

Submitted:

2009-11-29 13:25 UTC

Modified:

2009-12-06 19:34 UTC

Votes:	2
Avg. Score:	1.0 ± 0.0
Reproduced:	0 of 1 (0.0%)

From:

winner5 at interia dot pl

Assigned:

Status:

Closed

Package:

PDO related

PHP Version:

5.3.1

OS:

Linux

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	winner5 at interia dot pl
New email:
PHP Version:		OS:

New Comment:

[2009-11-29 13:25 UTC] winner5 at interia dot pl

Description:
------------
There is no way to escape semicolon in dsn to be treated like a char, not as a separator.

Reproduce code:
---------------
<?php
 $pdo = new PDO('mysql:host=localhost;dbname=t\\;', 'user', 'pass');
?>

Expected result:
----------------
Successfully established connection

Actual result:
--------------
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000] [1049] Unknown database 't\'' in ./index.php:1
Stack trace:
#0 ./index.php(1): PDO->__construct('mysql:host=loca...', 'user', 'pass')
#1 {main}
  thrown in ./index.php on line 1

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2009-11-29 14:09 UTC] alfredorj at walla dot com

Why do you don't go to see if I'm on the corner?
This bug is not a bug! Who does make a database with ";" chars?
You are a really loser.

[2009-11-29 14:51 UTC] fa@php.net

IBTB (In before the bogus):

http://xkcd.com/327/

[2009-11-29 21:29 UTC] kelt3we at gmail dot com

This is by no means a proper way to provide feedback to a bug report, even if the user's claim is wrong. Next time remember this is not a humor site ;-)

[2009-11-29 23:11 UTC] fa@php.net

Yes, I'm terribly sorry.

To be more on-topic then, afaik SQLite doesn't even allow ';' as part of either database or table name, so I was under the impression mysql wasn't either.

Verified on 5.2.6-1+lenny3

Problem seems to lie somewhere in ext/pdo/pdo_dbh.c in dbh_constructor fwiw.

[2009-12-06 19:34 UTC] svn@php.net

Automatic comment from SVN on behalf of iliaa
Revision: http://svn.php.net/viewvc/?view=revision&revision=291775
Log: Fixed bug #50323 (Allow use of ; in values via ;; in PDO DSN).

[2009-12-06 19:34 UTC] iliaa@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.

[2009-12-06 21:32 UTC] svn@php.net

Automatic comment from SVN on behalf of pierrick
Revision: http://svn.php.net/viewvc/?view=revision&revision=291781
Log: Fixed bug #50323 (Allow use of ; in values via ;; in PDO DSN even in the middle of a string).

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Sat Dec 21 14:01:32 2024 UTC