php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #46457 PDO+MySQL 5.1 gets empty username if password is empty
Submitted: 2008-11-01 18:10 UTC Modified: 2008-11-23 02:13 UTC
From: spam04 at pornel dot net Assigned: mysql (profile)
Status: Closed Package: PDO related
PHP Version: 5.3CVS-2008-11-01 (snap) OS: Mac OS X 10.5.5
Private report: No CVE-ID: None
 [2008-11-01 18:10 UTC] spam04 at pornel dot net
Description:
------------
When connecting to MySQL 5.1 (mysql-5.1.29-rc-osx10.5-x86_64 to be exact) with empty password in PDO::__construct(), MySQL receives empty username.

Seems like bug #43493 (I've tried on snapshot from 10 minutes ago, so it's not fixed in CVS, at least not for MySQL)

Actual result:
--------------
new PDO("mysql:dbname=database","username",'');

results in:

SQLSTATE[42000] [1044] Access denied for user ''@'localhost' to database 'database'

Note that MySQL got empty username.

However:

$dest_db = new PDO("mysql:dbname=database","username",'password');

gives expected error:

SQLSTATE[28000] [1045] Access denied for user 'username'@'localhost' (using password: YES)



Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-11-01 18:11 UTC] spam04 at pornel dot net
(fixed summary)
 [2008-11-17 17:14 UTC] johannes@php.net
I can't reproduce, I assume it's an issue within the server or libmysql. Would the empty password be correct or is it just lost for the error message?

Could you also try changing pdo_mysql_handle_factory() in ext/pdo_mysql/mysql_driver.c so that

        if (mysql_real_connect(H->server, host, dbh->username, dbh->password, dbname, port, unix_socket, connect_opts) == NULL) {
                pdo_mysql_error(dbh);
                goto cleanup;
        }

reads something like (adding a php_printf() call)

        if (mysql_real_connect(H->server, host, dbh->username, dbh->password, dbname, port, unix_socket, connect_opts) == NULL) {
                php_printf("User: %s", dbh->username);
                pdo_mysql_error(dbh);
                goto cleanup;
        }

and then recompile PHP?

The username is then printed in case of an error so we can verify it isn't lost. If that username is correct it's a MySQL issue, else I'd have to do further investigation on PHP side.
 [2008-11-23 02:13 UTC] spam04 at pornel dot net
I can't reproduce this anymore either, so this must have been some weird glitch.
Thanks for looking into it.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Wed Sep 18 20:01:27 2019 UTC