0

I tried the mysqldump in php 

shell_exec("mysqldump --user=$username --password=$password --host=$host $database > dump.sql");

Works fine if password is plain. But when there's a symbol in the password & in my case, it does't work. Any idea why, or how this can be resolved?

Short answer could be don't put symbols in your password. But that's not the answer I'm looking for and some DB passwords are beyond my reach. So I need a solution or a workaround.

Improve this question
4
  • 2
    did you try to put quotes around password? just in case Commented Nov 6, 2015 at 11:51
  • 1
    have you tried using the escapeshellcmd function : php.net/manual/en/function.escapeshellcmd.php Commented Nov 6, 2015 at 12:25
  • using quotes worked. thanks. Commented Nov 6, 2015 at 12:50
  • Yep, and using quotes will work until there is a quote in your password. Commented Nov 7, 2015 at 0:27

3 Answers 3

Reset to default
1

Given that you're using some unknown input, I'd use escapeshellcmd, which should be able to deal with everything (including having a ' in your password).

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Using quotes worked. Thanks +Mubin

 shell_exec("mysqldump --user='$username' --password='$password' --host=$host $databaseName > dump.sql");
Improve this answer

Comments

0

If the password contains a ' then --password='$password' does not work. The best solution I have found for Windows and Linux is:

if ($isWindows) {
    $password = str_replace('"', '\\"', $password);
    return " --password=\"$password\"";
} else {
    $q = "'";
    $password = str_replace("'", "'\\''", $password);
    return " --password='$password'";
}

Tested with password []<>(),;:/\| !@#$%^&*()_-+=~?`"'

Updated: escapeshellcmd does not help, at least on Linux, it adds extra \, but mysql does not accept such a password.

Improve this answer

3 Comments

You probably want escapeshellarg(). To be honest, I don't really understand what escapeshellcmd() is trying to accomplish.
At least on Windows escapeshellarg does wrong things: php.net/manual/en/function.escapeshellarg.php#123718
Yes, it actually does. I've finally given up and switched to Symfony Process for anything non-trivial.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.