| Bug #1271 | Undefined variable in PASSWORD() function is not handled correctly | ||
|---|---|---|---|
| Submitted: | 13 Sep 2003 4:01 | Modified: | 21 Oct 2003 8:25 |
| Reporter: | Indrek Siitan | | |
| Status: | Closed | | |
| Category: | MySQL Server | Severity: | S2 (Serious) |
| Version: | 4.0, 4.1 | OS: | Any (any) |
| Assigned to: | Sergei Golubchik | CPU Architecture: | Any |
[21 Oct 2003 8:25]
Sergei Golubchik
Thank you for your bug report. This issue has been committed to our
source repository of that product and will be incorporated into the
next release.
If necessary, you can access the source repository and build the latest
available version, including the bugfix, yourself. More information
about accessing the source trees is available at
http://www.mysql.com/doc/en/Installing_source_tree.html
Fixed in 4.0.17

Description:

Passing an undefined variable to the PASSWORD() function eliminates it from the WHERE clause.

How to repeat:

```
create table temp_table (
  name VARCHAR(50) NOT NULL PRIMARY KEY,
  pw VARCHAR(16) NOT NULL);

INSERT INTO temp_table (name, pw) VALUES ('tom', PASSWORD('my_pw'));

SET @pass='my_pw';
SET @wrong='incorrect';

mysql> SELECT name FROM temp_table WHERE name='tom' AND pw=PASSWORD(@pass);
+------+
| name |
+------+
| tom  |
+------+
1 row in set (0.00 sec)

mysql> SELECT name FROM temp_table WHERE name='tom' AND pw=PASSWORD(@wrong);
Empty set (0.00 sec)

mysql> SELECT name FROM temp_table WHERE name='tom' AND pw IS NULL;
Empty set (0.00 sec) (correct)

mysql> SELECT name FROM temp_table WHERE name='tom' AND pw=PASSWORD(@undefined);
+------+
| name |
+------+
| tom  |
+------+
1 row in set (0.00 sec) (wrong)
```
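
The repro above as a self-checking regression script, an added example that is not part of the original report or of MySQL's own test suite. It assumes a server that still provides PASSWORD() (the function was removed in MySQL 8.0); the table name `pw_regress` and the `test_case`/`matched`/`expected` column aliases are hypothetical, and `pw` is wider than the report's VARCHAR(16) so longer hashes from later versions are not truncated.

```sql
-- Added example: regression check for the behaviour reported in Bug #1271.
-- Table name is hypothetical; the sample credentials are constructed.
DROP TABLE IF EXISTS pw_regress;
CREATE TABLE pw_regress (
  name VARCHAR(50) NOT NULL PRIMARY KEY,
  pw   VARCHAR(64) NOT NULL          -- wider than the report's VARCHAR(16)
);
INSERT INTO pw_regress (name, pw) VALUES ('tom', PASSWORD('my_pw'));

SET @pass  = 'my_pw';
SET @wrong = 'incorrect';
-- @undefined is deliberately never SET, so it evaluates to NULL.

-- Each statement reports how many rows matched and how many should match.
-- Any result where matched <> expected is a failure.
SELECT 'correct password' AS test_case, COUNT(*) AS matched, 1 AS expected
  FROM pw_regress WHERE name='tom' AND pw=PASSWORD(@pass);

SELECT 'wrong password' AS test_case, COUNT(*) AS matched, 0 AS expected
  FROM pw_regress WHERE name='tom' AND pw=PASSWORD(@wrong);

-- The case from the report: the affected versions returned the row here.
SELECT 'undefined variable' AS test_case, COUNT(*) AS matched, 0 AS expected
  FROM pw_regress WHERE name='tom' AND pw=PASSWORD(@undefined);

-- Same comparison with an explicit NULL guard, so rejecting an unset
-- credential does not depend on how PASSWORD() treats a NULL argument.
SELECT 'undefined + NULL guard' AS test_case, COUNT(*) AS matched, 0 AS expected
  FROM pw_regress
 WHERE name='tom' AND @undefined IS NOT NULL AND pw=PASSWORD(@undefined);

DROP TABLE pw_regress;
```

The script avoids subqueries so it can be run against the 4.0 series named in the report as well as later versions.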