php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #34628 Showing database's pass in PDOException
Submitted: 2005-09-24 14:46 UTC Modified: 2005-09-24 15:26 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: darkspirit at strefaphp dot net Assigned:
Status: Not a bug Package: PDO related
PHP Version: 5.1.0RC1 OS: WindowsXp Home SP2
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: darkspirit at strefaphp dot net
New email:
PHP Version: OS:

 

 [2005-09-24 14:46 UTC] darkspirit at strefaphp dot net
Description:
------------
While constructing PDO object and trying to connect with database, in case something goes wrong, an exception is reportted. Everything is ok unless you want to display trace of exception or exception's object. In this case all required information for connecting with database are displayed.

Reproduce code:
---------------
    catch (PDOException $e)
    {
       echo $e -> getTrace();
       echo $e;	
    }

Expected result:
----------------
exception 'PDOException' with message 'SQLSTATE[28000] [1045] Access denied for user: 'root@localhost' (Using password: YES)' in c:\htdocs\opb\opb\includes\main.php:146 Stack trace: #0 c:\htdocs\opb\opb\includes\main.php(146): PDO->__construct('mysql:dbname=op...', 'root', 'password') #1 c:\htdocs\opb\opb\index.php5(30): OPB->execute('index') #2 {main}


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-09-24 15:26 UTC] tony2001@php.net
The trace should be used for debugging purposes only.
Password or any other valuable data (like credit card number or SIN) will appear in trace and that's expected since PHP can't guess if a data is valuable or not and considers all the arguments as only arguments.

 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 13:01:29 2024 UTC