Dollar ($) sign in password string treated as variable
- by ncatnow
Spent some time troubleshooting a problem whereby a PHP/MySQL web application was having problems connecting to the database. The database could be accessed from the shell and phpMyAdmin with the exact same credentials and it didn't make sense.
Turns out the password had a $ sign in it:
$_DB["password"] = "mypas$word";
The password being sent was "mypas" which is obviously wrong.
What's the best way to handle this problem? I escaped the $ with a \
$_DB["password"] = "mypas\$word";
and it worked.
I generally use $string = 'test' for strings which is probably how I avoided running into this before.
Is this correct behavious? What if this password was stored in a database and PHP pulled it out - would this same problem occur? What am I missing here...