Doc Bug #6198 Connecting to Postgres backend
Submitted: 2000-08-16 12:51 UTC Modified: 2000-11-02 23:47 UTC
From: goran at cenis dot org dot yu Assigned: jah (profile)
Status: Closed Package: Documentation problem
PHP Version: 4.0.1pl2 OS: Linux
Private report: No CVE-ID: None
 [2000-08-16 12:51 UTC] goran at cenis dot org dot yu
Functions pg_connect() and pg_pconnect() always connect to the PostgreSQL database with the user ID of the httpd server process. There is no way to set the user ID from PHP script, although Postgres connection protocol allows setting of username and password. 

This raises some security issues, because granting of access rights for database objects can't be properly imposed (user that httpd runs as has to have all rights to all database objects which PHP script must access).

In the libpq library there are two database connection functions: PQsetdb() and PQsetdbLogin() with prototypes as:

PGconn *PQsetdbLogin(const char *pghost,
                const char *pgport,
                const char *pgoptions,
                const char *pgtty,
                const char *dbName,
                const char *login,
                const char *pwd)

PGconn *PQsetdb(char *pghost,
                char *pgport,
                char *pgoptions,
                char *pgtty,
                char *dbName)

The Postgres programming manual states that PQsetdb() is only a macro that calls PQsetdbLogin() with null pointers for the login and pwd parameters, and that it is provided primarily for backward compatibility with old programs!!!

I looked up pgsql.c module a little bit, and I noticed that it still uses old PQsetdb() function, which not only might soon be obsolete, but does not allow for user and password for database connection to be set programmatically.

I think that this issue should be addressed as soon as possible. I would do it myself, but I'm not that comfortable with C/C++ programming.

 [2000-08-23 08:59 UTC] sniper@php.net
Reclassified.

--Jani
 [2000-08-23 19:15 UTC] jah@php.net
Writing pg_connect() so that it would work with both older and newer versions of PostgreSQL seems like a bit of unnecessary work, because at the same time PQsetdbLogin() replaced PQsetdb() in the PostgreSQL APIs, there also came a new function, PQconnectdb(), that takes one argument, a connection argument string. That's the current preferred way, because using it, the calling application doesn't actually have to know anything about the possible parameters, and they can be changed or there can be additions at the will of the PostgreSQL developer team. The PHP manual just notes that pg_connect() can be called this way too, not that the old way is deprecated. This should/will be fixed in the manual.

-- Jouni

PS. Jani, it's great that someone really has the energy to go through these bugs, but maybe one shouldn't touch absolutely everything without knowing exactly what it's about.... Well, I had left this one unfixed myself too.
 [2000-11-02 23:45 UTC] ronabop@php.net
New syntax has been documented.
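
The connection-string form discussed in this report lets a script name its own database role instead of inheriting the httpd account. The following is an added example, not code from the bug thread or from the PHP source; the role app_readonly, the database appdb, the APP_DB_PASSWORD environment variable and the helper name pg_conninfo() are assumptions made for illustration.

```php
<?php
// Added example; role, database and environment variable names are assumptions.

/**
 * Build the "keyword=value ..." string accepted by PQconnectdb() and by the
 * one-argument form of pg_connect(). Values are always single-quoted, with
 * backslash and single quote backslash-escaped (libpq's quoting rule), so a
 * value containing spaces or quotes cannot introduce extra keywords.
 */
function pg_conninfo(array $params): string
{
    $parts = [];
    foreach ($params as $keyword => $value) {
        if (!preg_match('/^[a-z_]+$/', (string) $keyword)) {
            throw new InvalidArgumentException("bad conninfo keyword: $keyword");
        }
        // strtr() with an array replaces in a single pass, so the backslash
        // added in front of a quote is not escaped a second time.
        $escaped = strtr((string) $value, ['\\' => '\\\\', "'" => "\\'"]);
        $parts[] = "$keyword='$escaped'";
    }
    return implode(' ', $parts);
}

// Constructed sample: a password with a space and a quote stays one value.
echo pg_conninfo(['user' => 'app_readonly', 'password' => "it's a secret"]), "\n";

// Connect as a dedicated low-privilege role instead of the httpd account.
// That role is GRANTed only what this script needs (e.g. SELECT on a few tables).
$password = getenv('APP_DB_PASSWORD');
if ($password !== false && function_exists('pg_connect')) {
    $conn = pg_connect(pg_conninfo([
        'host'     => 'localhost',
        'dbname'   => 'appdb',
        'user'     => 'app_readonly',
        'password' => $password,
    ]));
    if ($conn === false) {
        exit("connection as app_readonly failed\n");
    }
    // Shows which role the session's privileges are checked against.
    $res = pg_query($conn, 'SELECT current_user');
    echo pg_fetch_result($res, 0, 0), "\n";
}
```

Keeping the password in the environment rather than in the script source means the credential for each role can be rotated without editing code.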
 
Last updated: Wed Jun 17 05:00:01 2026 UTC