php - Dollar ($) sign in password string treated as variable

Question

Welcome To Ask or Share your Answers For Others

php - Dollar ($) sign in password string treated as variable

posted Oct 17, 2021 in Technique[技术] by 深蓝 (71.8m points)

php - Dollar ($) sign in password string treated as variable

Spent some time troubleshooting a problem whereby a PHP/MySQL web application was having problems connecting to the database. The database could be accessed from the shell and phpMyAdmin with the exact same credentials and it didn't make sense.

Turns out the password had a $ sign in it:

$_DB["password"] = "mypas$word";

The password being sent was "mypas" which is obviously wrong.

What's the best way to handle this problem? I escaped the $ with a

$_DB["password"] = "mypas$word";

and it worked.

I generally use $string = 'test' for strings which is probably how I avoided running into this before.

Is this correct behavior? What if this password was stored in a database and PHP pulled it out - would this same problem occur? What am I missing here...

Question&Answers:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Reply

深蓝 · Answer 1 · 2021-10-16T22:23:08+0000

$_DB['password'] = 'mypas$word';

Single quote strings are not processed and are taken "as-is". You should always use single quote strings unless you specifically need the $variable or escape sequences ( , , etc) substitutions. It's faster and less error prone.

Categories

php - Dollar ($) sign in password string treated as variable

php - Dollar ($) sign in password string treated as variable

Please log in or register to add a comment.

Please log in or register to reply this article.

1 Reply

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags