No ability to connect to database named 't;', no chance to escape semicolon

Bug #50323 No ability to connect to database named 't;', no chance to escape semicolon
Submitted: 2009-11-29 13:25 UTC Modified: 2009-12-06 19:34 UTC
Votes:2
Avg. Score:1.0 ± 0.0
Reproduced:0 of 1 (0.0%)
From: winner5 at interia dot pl Assigned:
Status: Closed Package: PDO related
PHP Version: 5.3.1 OS: Linux
Private report: No CVE-ID: None

 [2009-11-29 13:25 UTC] winner5 at interia dot pl

Description:
------------
There is no way to escape semicolon in dsn to be treated like a char, not as a separator.

Reproduce code:
---------------
<?php
 $pdo = new PDO('mysql:host=localhost;dbname=t\\;', 'user', 'pass');
?>

Expected result:
----------------
Successfully established connection

Actual result:
--------------
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000] [1049] Unknown database 't\'' in ./index.php:1
Stack trace:
#0 ./index.php(1): PDO->__construct('mysql:host=loca...', 'user', 'pass')
#1 {main}
  thrown in ./index.php on line 1


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

 [2009-11-29 14:09 UTC] alfredorj at walla dot com

Why do you don't go to see if I'm on the corner?
This bug is not a bug! Who does make a database with ";" chars?
You are a really loser.

 [2009-11-29 21:29 UTC] kelt3we at gmail dot com

This is by no means a proper way to provide feedback to a bug report, even if the user's claim is wrong. Next time remember this is not a humor site ;-)

 [2009-11-29 23:11 UTC] fa@php.net

Yes, I'm terribly sorry.

To be more on-topic then, afaik SQLite doesn't even allow ';' as part of either database or table name, so I was under the impression mysql wasn't either.

Verified on 5.2.6-1+lenny3

Problem seems to lie somewhere in ext/pdo/pdo_dbh.c in dbh_constructor fwiw.

 [2009-12-06 19:34 UTC] iliaa@php.net

This bug has been fixed in SVN.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.