I just ran into a problem with a script that connects to a database based on user input. The problem is that when the password contains a dollar sign (ie 'abc$def'), the mysql_connect() function seems to attempt to interpolate the $def as a variable and thus only abc gets sent to mysql. The password is in a variable and I am calling the function like so:
mysql_connect( $a['db_host'], $a['db_user'], $a['db_pass'] )
PHP isn't interpolating the dollar sign because it was already escaped when it was inputted in the first place (echoing $a['db_pass'] results in the proper password string abc$def).
It works if the password is hard-coded into the script like so: (which is obviously out of the question)
mysql_connect( 'host', 'user', 'abc$def' )
So what can be done about this? Aside from changing the password. I work with a web host that generates passwords, and the dollar sign seems to show up a lot.
I tried addslashes(), quotemeta(), str_replace( '$', '\$', ...), and strval().
Is this a bug in the behavior of mysql_connect()?
