Spent some time troubleshooting a problem whereby a PHP/MySQL web application was having problems connecting to the database. The database could be accessed from the shell and phpMyAdmin with the exact same credentials and it didn't make sense.
Turns out the password had a $ sign in it:
$_DB["password"] = "mypas$word";
The password being sent was "mypas" which is obviously wrong.
What's the best way to handle this problem? I escaped the $ with a \
$_DB["password"] = "mypas\$word";
and it worked.
I generally use $string = 'test'
for strings which is probably how I avoided running into this before.
Is this correct behavior? What if this password was stored in a database and PHP pulled it out - would this same problem occur? What am I missing here...
The $var (single dollar) is a normal variable with the name var that stores any value like string, integer, float, etc. The $$var (double dollar) is a reference variable that stores the value of the $variable inside it.
The $x (single dollar) is the normal variable with the name x that stores any value like string, integer, float, etc. The $$x (double dollar) is a reference variable that stores the value which can be accessed by using the $ symbol before the $x value. These are called variable variables in PHP.
Rasmus Lerdorf, the father of the PHP language, explains the $ sign as an ability to insert variables inside literal string values (interpolation), so that the variables are distinguished from the rest of the string.
$_DB['password'] = 'mypas$word';
Single quote strings are not processed and are taken "as-is". You should always use single quote strings unless you specifically need the $variable or escape sequences (\n, \r, etc) substitutions. It's faster and less error prone.
PHP is interpolating the variable $word
into the string mypas$word
, as is normal behaviour for string literals delineated with double quotes. Since $word
is presumably undefined, the resulting interpolated string is mypas
.
The solution is to use single quotes. Single-quoted string literals do not undergo variable interpolation.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With