php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #64480 sensitive mysqli conexion elements
Submitted: 2013-03-21 17:50 UTC Modified: 2013-03-22 00:44 UTC
From: kseltar at gmail dot com Assigned:
Status: Not a bug Package: mysql (PECL)
PHP Version: 5.4Git-2013-03-21 (snap) OS: Linux (Debian testing)
Private report: No CVE-ID: None
 [2013-03-21 17:50 UTC] kseltar at gmail dot com
Description:
------------
uname -a
Linux kseltar004 3.2.0-4-amd64 #1 SMP Debian 3.2.39-2 x86_64 GNU/Linux
php --version
PHP 5.4.4-14 (cli) (built: Mar  4 2013 14:08:43)

#################### start code ####################
  $syssrv = "127.0.0.1";
  $sysprt = "3306";     # or "s3306" or "3306s" or "33066" or "3s306"
  $sysdbs = "database";
  $sysusr = "user";
  $syspas = "pass";

  @ $syscnx = mysqli_connect ($syssrv, $sysusr, $syspas, $sysdbs, $sysprt);
  echo "Error text: ".mysqli_connect_error ($syscnx).".";
##################### end code #####################
error printed
* "3306":  is true when port is 3306
* "33066": show "Can't connect to MySQL server on '127.0.0.1' (111)"
* "s3306": why show null dialog?
* "3306s": why is not an error? 
* "3s306": show "Can't connect to MySQL server on '127.0.0.1' (111)"





Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2013-03-22 00:44 UTC] johannes@php.net
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php

This is the consequence of PHP's type casting behavior.

(int)"3306" -> 3306
(int)"s3306" -> 0
(int)"3306s" -> 3306
(int)"3s306" -> 3

Not specific for mysqli.
 [2013-03-22 00:44 UTC] johannes@php.net
-Status: Open +Status: Not a bug -Type: Security +Type: Bug
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Mon Nov 29 08:03:14 2021 UTC