php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #69362 PDO-pgsql fails to connect if password contains a leading single quote
Submitted: 2015-04-03 00:44 UTC Modified: 2015-06-11 21:52 UTC
From: jon dot dufresne at gmail dot com Assigned: mbeccati (profile)
Status: Closed Package: PDO PgSQL
PHP Version: 5.5.23 OS: Linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: jon dot dufresne at gmail dot com
New email:
PHP Version: OS:

 

 [2015-04-03 00:44 UTC] jon dot dufresne at gmail dot com 
Description:
------------
If a PostgreSQL user's password contains a leading single quote (apostrophe) PDO-pgsql is unable to connect to the database as the user. The script fails with the message:

PHP Fatal error:  Uncaught exception 'PDOException' with message 'SQLSTATE[08006] [7] unterminated quoted string in connection info string'

Test script:
---------------
#!/bin/bash

echo "Trailing quote"
psql postgres -c "DROP DATABASE IF EXISTS testphp"
psql postgres -c "DROP ROLE IF EXISTS testphp"
psql postgres -c "CREATE ROLE testphp PASSWORD 'asdf''' LOGIN"
psql postgres -c "CREATE DATABASE testphp OWNER testphp"
php -r "new PDO(\"pgsql:dbname=testphp\", \"testphp\", \"asdf'\");"

echo "Leading quote"
psql postgres -c "DROP DATABASE IF EXISTS testphp"
psql postgres -c "DROP ROLE IF EXISTS testphp"
psql postgres -c "CREATE ROLE testphp PASSWORD '''asdf' LOGIN"
psql postgres -c "CREATE DATABASE testphp OWNER testphp"
php -r "new PDO(\"pgsql:dbname=testphp\", \"testphp\", \"'asdf\");"


Expected result:
----------------
PHP can connect to the database no problem.

Output from script:

$ bash test.sh
Trailing quote
DROP DATABASE
DROP ROLE
CREATE ROLE
CREATE DATABASE
Leading quote
DROP DATABASE
DROP ROLE
CREATE ROLE
CREATE DATABASE


Actual result:
--------------
$ bash test.sh
Trailing quote
DROP DATABASE
DROP ROLE
CREATE ROLE
CREATE DATABASE
Leading quote
DROP DATABASE
DROP ROLE
CREATE ROLE
CREATE DATABASE
PHP Fatal error:  Uncaught exception 'PDOException' with message 'SQLSTATE[08006] [7] unterminated quoted string in connection info string' in Command line code:1
Stack trace:
#0 Command line code(1): PDO->__construct('pgsql:dbname=te...', 'testphp', ''asdf')
#1 {main}
  thrown in Command line code on line 1

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-06-11 21:52 UTC] mbeccati@php.net
-Status: Open +Status: Verified -Assigned To: +Assigned To: mbeccati
 [2015-06-11 22:28 UTC] mbeccati@php.net 
Automatic comment on behalf of mbeccati
Revision: http://git.php.net/?p=php-src.git;a=commit;h=7c0b8f872e3c15d50b1dc2d35be3674c24f82bf6
Log: Fix bug #69362 (PDO-pgsql fails to connect if password contains a leading single quote)
 [2015-06-11 22:28 UTC] mbeccati@php.net
-Status: Verified +Status: Closed
 [2015-06-11 22:28 UTC] mbeccati@php.net 
Automatic comment on behalf of mbeccati
Revision: http://git.php.net/?p=php-src.git;a=commit;h=afa4c3e7c72a616d21780fd39764f7fc03d0a3df
Log: Fix bug #69362 (PDO-pgsql fails to connect if password contains a leading single quote)
 [2015-06-12 00:09 UTC] mbeccati@php.net 
Automatic comment on behalf of mbeccati
Revision: http://git.php.net/?p=php-src.git;a=commit;h=7c0b8f872e3c15d50b1dc2d35be3674c24f82bf6
Log: Fix bug #69362 (PDO-pgsql fails to connect if password contains a leading single quote)
 [2015-06-23 18:04 UTC] ab@php.net 
Automatic comment on behalf of mbeccati
Revision: http://git.php.net/?p=php-src.git;a=commit;h=afa4c3e7c72a616d21780fd39764f7fc03d0a3df
Log: Fix bug #69362 (PDO-pgsql fails to connect if password contains a leading single quote)
 [2015-06-23 18:04 UTC] ab@php.net 
Automatic comment on behalf of mbeccati
Revision: http://git.php.net/?p=php-src.git;a=commit;h=7c0b8f872e3c15d50b1dc2d35be3674c24f82bf6
Log: Fix bug #69362 (PDO-pgsql fails to connect if password contains a leading single quote)
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 21 15:01:30 2024 UTC