Download & Extend

connect string doesn't allow for blank mysql password

Project:Database Scripts
Version:6.x-2.x-dev
Component:Code
Category:bug report
Priority:normal
Assigned:ceardach
Status:closed (fixed)

Issue Summary

In secure development environments, lazy developers like to connect to the DB without using a password.

ex: $db_url = 'mysqli://root@localhost/my_site';

We can allow for this if we tweak the regex:

<?php
function dbscripts_db_connect() {
  require(
'config.inc');
  require(
"$settings_path/settings.php");
 
 
preg_match('/'.$dbtype.':\/\/([^:]+):*([^@]*)@([^\/]+)\/(.+)/', $db_url, $db_settings);

 
$dbuser = $db_settings[1];
 
$dbpassword = $db_settings[2];
 
$dbhost = $db_settings[3];
 
$dbname = $db_settings[4];

  return
"-u $dbuser ".($dbpassword ? "-p$dbpassword" : "")." -h $dbhost $dbname";
}
?>

Note that only the preg_match and return lines have been changed

Comments

#1

Assigned to:Anonymous» ceardach

Thanks, hadn't even thought of that scenario. I'll add the support the next time I work on it (which should be soon, I'm trying to push out v1.0 soonish).

#2

Version:5.x-1.x-dev» 6.x-2.x-dev

#3

This would be another candidate for parse_url.

#4

#5

Status:fixed» closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.