Edit report at http://bugs.php.net/bug.php?id=53217&edit=1
ID: 53217
Updated by: il...@php.net
Reported by: bell at ctrlf5 dot co dot za
Summary: PDO treats backslashes in pgsql passwords as escape
characters
-Status: Open
+Status: Bogus
Type: Bug
Package: PDO related
Operating System: Ubuntu 10.04 AMD64 W/S
PHP Version: 5.3.3
Block user comment: N
Private report: N
New Comment:
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at
http://www.php.net/manual/ and the instructions on how to report
a bug at http://bugs.php.net/how-to-report.php
Previous Comments:
------------------------------------------------------------------------
[2010-11-01 19:19:00] fel...@php.net
Well, I was wondering about the connect string using the password with
others parameters, not when using the password on a separated parameter
(as in your example). In this case, I guess it could be escaped, as
requested.
------------------------------------------------------------------------
[2010-11-01 18:44:20] bell at ctrlf5 dot co dot za
So you believe that it is not PDO's responsibility to escape input
values before passing them to underlying functions?
That doesn't sound right.
------------------------------------------------------------------------
[2010-11-01 18:24:06] fel...@php.net
This is due the libpq behavior. See
http://www.postgresql.org/docs/8.1/static/libpq.html
------------------------------------------------------------------------
[2010-11-01 08:04:30] bell at ctrlf5 dot co dot za
Description:
------------
When using a password containing a backslash to connect to PostgreSQL
database via PDO the driver appears to be treating the backslash as an
escape charcter.
The problem is not global to PDO since MySQL works as expected.
It is not global to libpq since PearDB and the psql command line tool
work as expected.
Further explanation in the comments in the test script.
Test script:
---------------
$host = 'localhost';
$database = 'imix';
$username = 'imix';
// Password is |\/|ix3dUp
/*
Works for MySQL - Doesn't work for pgsql - wireshark shows |/x3edUp
sent to server, error message shows password correctly
*/
$mysql_password = '|\/|ix3dUp';
/*
Doesn't work for pg - |/x3edUp still sent to server - error message
still shows password correctly - this is because \ is one of the two
chars escaped in a single quoted string
*/
// $password = '|\\/|ix3dUp';
/*
Works for pgsql, not for mysql - Error message on mysql attempt shows
two backslashes
Initial parse treats the first one as an escape, handing two to PDO -
pgsql driver seems to interpret the first remaining one as an escape
which really doesn't sound right ...
*/
$pgsql_password = '|\\\/|ix3dUp';
$mysql_connection = new PDO('mysql:host='.$host.';dbname='.$database,
$username, $mysql_password);
$pgsql_connection = new PDO('pgsql:host='.$host.';dbname='.$database,
$username, $pgsql_password);
Expected result:
----------------
I would expect the password as used for MySQL to work for both the
engines.
Actual result:
--------------
Test script as it stands executes without error.
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/bug.php?id=53217&edit=1
