php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #43493 Pdo_pgsql forgets username when given null password
Submitted: 2007-12-04 10:06 UTC Modified: 2007-12-04 13:07 UTC
From: jurka at ejurka dot com Assigned:
Status: Closed Package: PDO related
PHP Version: 5.2.5 OS: Debian Unstable
Private report: No CVE-ID:
 [2007-12-04 10:06 UTC] jurka at ejurka dot com
Description:
------------
When creating a PDO object using the pgsql driver, the supplied username is dropped if the password is null.



Reproduce code:
---------------
$pdo = new PDO('pgsql:host=localhost;port=5777;dbname=mydb', 'myuser');


This will not use the "myuser" username supplied.  Looking at the code in ext/pdo_pgsql/pgsql_driver.c circa line 695 it says:

        /* support both full connection string & connection string + login and/or password */
        if (!dbh->username || !dbh->password) {
                spprintf(&conn_str, 0, "%s connect_timeout=%ld", (char *) dbh->data_source, connect_timeout);
        } else if (dbh->username && dbh->password) {
                spprintf(&conn_str, 0, "%s user=%s password=%s connect_timeout=%ld", dbh->data_source, dbh->username, dbh->password, connect_timeout);
        } else if (dbh->username) {
                spprintf(&conn_str, 0, "%s user=%s connect_timeout=%ld", dbh->data_source, dbh->username, connect_timeout);
        } else {
                spprintf(&conn_str, 0, "%s password=%s connect_timeout=%ld", dbh->data_source, dbh->password, connect_timeout);
        }

It's trying to cover all the cases of username and password set or not, but the first condition is wrong.  It should be 

        if (!dbh->username && !dbh->password) {



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-12-04 13:07 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.



 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Sun Apr 20 01:02:05 2014 UTC