美元 ($) 登录密码字符串被视为变量 [英] Dollar ($) sign in password string treated as variable

问题描述

花了一些时间来解决一个问题，即 PHP/MySQL Web 应用程序在连接到数据库时遇到问题.可以使用完全相同的凭据从 shell 和 phpMyAdmin 访问数据库，但这是没有意义的.

Spent some time troubleshooting a problem whereby a PHP/MySQL web application was having problems connecting to the database. The database could be accessed from the shell and phpMyAdmin with the exact same credentials and it didn't make sense.

原来密码中有 $ 符号:

Turns out the password had a $ sign in it:

$_DB["password"] = "mypas$word";

发送的密码是mypas"，这显然是错误的.

The password being sent was "mypas" which is obviously wrong.

处理这个问题的最佳方法是什么?我用

What's the best way to handle this problem? I escaped the $ with a

$_DB["password"] = "mypas$word";

它奏效了.

我通常将 $string = 'test' 用于字符串，这可能是我之前避免遇到这种情况的方法.

I generally use $string = 'test' for strings which is probably how I avoided running into this before.

这是正确的行为吗?如果此密码存储在数据库中并且 PHP 将其取出怎么办 - 会发生同样的问题吗?我在这里错过了什么......

Is this correct behavior? What if this password was stored in a database and PHP pulled it out - would this same problem occur? What am I missing here...

推荐答案

$_DB['password'] = 'mypas$word';

单引号字符串不会被处理并按原样"处理.您应该始终使用单引号字符串，除非您特别需要 $variable 或转义序列( 、 等)替换.它更快，更不容易出错.

Single quote strings are not processed and are taken "as-is". You should always use single quote strings unless you specifically need the $variable or escape sequences ( , , etc) substitutions. It's faster and less error prone.

这篇关于美元 ($) 登录密码字符串被视为变量的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！