php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #56658 db2_connect() returns conn recource even if the credentials are invalid
Submitted: 2005-11-17 13:34 UTC Modified: 2005-11-17 16:42 UTC
From: antony at zend dot com Assigned: dbs (profile)
Status: Closed Package: ibm_db2 (PECL)
PHP Version: Irrelevant OS: Linux
Private report: No CVE-ID: None
 [2005-11-17 13:34 UTC] antony at zend dot com
Description:
------------
I'm able to connect and issue queries to DB2 with invalid credentials (but using the valid DB name) using ibm_db2.

$ db2level
DB21085I  Instance "db2inst1" uses "32" bits and DB2 code release "SQL08020"
with level identifier "03010106".
Informational tokens are "DB2 v8.1.0.64", "s040812", "MI00086", and FixPak "7".
Product is installed at "/opt/IBM/db2/V8.1".

ibm_db2 version 1.1.4

Reproduce code:
---------------
<?php

$db="SAMPLE"; // the DB is valid
$dsn = "DSN=$db;User Id=blah;Password=blahblah;";
$conn = db2_connect($dsn, "", "");
var_dump($conn);

db2_exec($conn, "SELECT 1 FROM SYSIBM.SYSDUMMY1"); 
var_dump(db2_fetch_array($r));

?>

Expected result:
----------------
I would expect db2_connect() to fail like it does when I use invalid DB name.

Actual result:
--------------
resource(5) of type (conn struct)
array(1) {
  [0]=>
  int(1)
}

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2005-11-17 14:02 UTC] denials at gmail dot com
I suspect this bug occurs because the code uses:

if (rc == SQL_ERROR) {
  ... do error handling
}

rather than:

if (rc != SQL_SUCCESS) {
  ... do error handling
}

I have a patch, am just checking it to ensure that it works as expected on Linux and Windows.
 [2005-11-17 16:42 UTC] denials at gmail dot com
Thank you for your bug report. This issue has been fixed
in the latest released version of the package, which you can download at
http://pecl.php.net/get/ibm_db2

Please grab release 1.1.5 -- the problem should be fixed.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved.
Last updated: Wed Jan 15 13:01:29 2025 UTC