php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #34628 Showing database's pass in PDOException
Submitted: 2005-09-24 14:46 UTC Modified: 2005-09-24 15:26 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: darkspirit at strefaphp dot net Assigned:
Status: Not a bug Package: PDO related
PHP Version: 5.1.0RC1 OS: WindowsXp Home SP2
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: darkspirit at strefaphp dot net
New email:
PHP Version: OS:

 

 [2005-09-24 14:46 UTC] darkspirit at strefaphp dot net
Description:
------------
While constructing PDO object and trying to connect with database, in case something goes wrong, an exception is reportted. Everything is ok unless you want to display trace of exception or exception's object. In this case all required information for connecting with database are displayed.

Reproduce code:
---------------
    catch (PDOException $e)
    {
       echo $e -> getTrace();
       echo $e;	
    }

Expected result:
----------------
exception 'PDOException' with message 'SQLSTATE[28000] [1045] Access denied for user: 'root@localhost' (Using password: YES)' in c:\htdocs\opb\opb\includes\main.php:146 Stack trace: #0 c:\htdocs\opb\opb\includes\main.php(146): PDO->__construct('mysql:dbname=op...', 'root', 'password') #1 c:\htdocs\opb\opb\index.php5(30): OPB->execute('index') #2 {main}


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-09-24 15:26 UTC] tony2001@php.net
The trace should be used for debugging purposes only.
Password or any other valuable data (like credit card number or SIN) will appear in trace and that's expected since PHP can't guess if a data is valuable or not and considers all the arguments as only arguments.

 
PHP Copyright © 2001-2020 The PHP Group
All rights reserved.
Last updated: Mon Nov 23 20:01:23 2020 UTC