php 美元 ($) 登录密码字符串被视为变量
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2557834/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Dollar ($) sign in password string treated as variable
提问by ncatnow
Spent some time troubleshooting a problem whereby a PHP/MySQL web application was having problems connecting to the database. The database could be accessed from the shell and phpMyAdmin with the exact same credentials and it didn't make sense.
花了一些时间来解决一个问题,即 PHP/MySQL Web 应用程序在连接到数据库时遇到问题。可以使用完全相同的凭据从 shell 和 phpMyAdmin 访问数据库,但这没有意义。
Turns out the password had a $ sign in it:
原来密码中有一个 $ 符号:
$_DB["password"] = "mypas$word";
The password being sent was "mypas" which is obviously wrong.
发送的密码是“mypas”,这显然是错误的。
What's the best way to handle this problem? I escaped the $ with a \
处理这个问题的最佳方法是什么?我用 \ 逃脱了 $
$_DB["password"] = "mypas$word";
and it worked.
它奏效了。
I generally use $string = 'test'for strings which is probably how I avoided running into this before.
我通常使用$string = 'test'字符串,这可能是我之前避免遇到这个问题的方式。
Is this correct behavior? What if this password was stored in a database and PHP pulled it out - would this same problem occur? What am I missing here...
这是正确的行为吗?如果此密码存储在数据库中并且 PHP 将其取出怎么办 - 会发生同样的问题吗?我在这里错过了什么......
回答by Thomas Bonini
$_DB['password'] = 'mypas$word';
Single quote strings are not processed and are taken "as-is". You should always use single quote strings unless you specifically need the $variable or escape sequences (\n, \r, etc) substitutions. It's faster and less error prone.
不处理单引号字符串并按“原样”处理。您应该始终使用单引号字符串,除非您特别需要 $variable 或转义序列(\n、\r 等)替换。它更快,更不容易出错。
回答by Benji XVI
PHP is interpolating the variable $wordinto the string mypas$word, as is normal behaviour for string literals delineated with double quotes. Since $wordis presumably undefined, the resulting interpolated string is mypas.
PHP 正在将变量$word插入到 string 中mypas$word,这对于用双引号括起来的字符串文字来说也是正常的。由于$word可能是未定义的,因此生成的内插字符串是mypas。
The solution is to use single quotes. Single-quoted string literals do not undergo variable interpolation.
解决方案是使用单引号。单引号字符串文字不进行变量插值。
回答by brianlmerritt
The other answers all work until there are single quotes embedded in the passsword.
其他答案都有效,直到密码中嵌入了单引号。
Fail:
失败:
$_DB['password'] = 'my'pas$word';
$_DB['password'] = 'my'pas$word';
Alternatives:
备择方案:
If you don't have other escaped characters, you can escape the $ with \$, e.g.
如果你没有其他转义字符,你可以用 转义 $ \$,例如
$_DB['password'] = "my'pas\$word";
$_DB['password'] = "my'pas\$word";
Or it may be simpler to escape the single quote e.g.
或者转义单引号可能更简单,例如
$_DB['password'] = 'my\'pas$word';
$_DB['password'] = 'my\'pas$word';
回答by Ray Hidayat
Just put it in a single-quoted string:
只需将它放在一个单引号字符串中:
$_DB['password'] = 'mypas$word';
The double-quoted string will interpolate variables, but single-quoted strings won't. So that will solve your problem.
双引号字符串将插入变量,但单引号字符串不会。所以这将解决你的问题。
回答by ghostdog74
use single quotes
使用单引号
$_DB["password"] = 'mypas$word';
回答by Jeff Beck
Just use single quotes ' instead of " and it will not try and treat $word as a variable.
只需使用单引号 ' 而不是 " ,它不会尝试将 $word 视为变量。
$_DB['password'] = 'mypas$word';
回答by Brian Riehman
Strings quotes with the double quotation are interpreted for variables. Single quoted strings are interpreted literally.
带双引号的字符串引号被解释为变量。单引号字符串按字面解释。
$a = "one";
$b = "$a";
echo $b . "\n";
$b = '$a';
echo $b . "\n";
This should yield:
这应该产生:
one
$a
回答by blink
I just ran across this problem and fixed it prior to finding this thread. I am sure all the solutions with single quotes work perfect. I chose to just concatenate the pass which also works fine as I was unaware of the single quote solution....IE
我刚刚遇到了这个问题并在找到这个线程之前修复了它。我确信所有带单引号的解决方案都能完美运行。我选择只连接传递也可以正常工作,因为我不知道单引号解决方案....IE
$db_password = "SamWise" . "$" . "GangiTYloYG";
