@@ -3055,12 +3055,12 @@ private function checkIfMariaDBPwdCheckPluginActive(): bool
30553055 */
30563056 public function getSqlQueriesForDisplayAndAddUser (string $ usernamestring $ hostnamestring $ passwordarray
30573057 {
3058- $ slashedUsername$ this dbi ->escapeString ($ username
3059- $ slashedHostname$ this dbi ->escapeString ($ hostname
3060- $ slashedPassword$ this dbi ->escapeString ($ password
3058+ $ slashedUsername$ this dbi ->quoteString ($ username
3059+ $ slashedHostname$ this dbi ->quoteString ($ hostname
3060+ $ slashedPassword$ this dbi ->quoteString ($ password
30613061 $ serverVersion$ this dbi ->getVersion ();
30623062
3063- $ createUserStmtsprintf ('CREATE USER \' %s \' @ \' %s \' ' , $ slashedUsername$ slashedHostname
3063+ $ createUserStmtsprintf ('CREATE USER %s@%s ' , $ slashedUsername$ slashedHostname
30643064 $ isMariaDBPwdPluginActive$ this checkIfMariaDBPwdCheckPluginActive ();
30653065
30663066 // See https://github.com/phpmyadmin/phpmyadmin/pull/11560#issuecomment-147158219
@@ -3088,11 +3088,11 @@ public function getSqlQueriesForDisplayAndAddUser(string $username, string $host
30883088 $ createUserReal$ createUserStmt
30893089 $ createUserShow$ createUserStmt
30903090
3091- $ passwordSetStmt'SET PASSWORD FOR \' %s \' @ \' %s \' = \' %s \' ' ;
3092- $ passwordSetShowsprintf ($ passwordSetStmt$ slashedUsername$ slashedHostname'*** ' );
3091+ $ passwordSetStmt'SET PASSWORD FOR %s@%s = %s ' ;
3092+ $ passwordSetShowsprintf ($ passwordSetStmt$ slashedUsername$ slashedHostname'\' *** \' ' );
30933093
30943094 $ sqlQueryStmtsprintf (
3095- 'GRANT %s ON *.* TO \' %s \' @ \' %s \' ' ,
3095+ 'GRANT %s ON *.* TO %s@%s ' ,
30963096 implode (', ' , $ this extractPrivInfo ()),
30973097 $ slashedUsername
30983098 $ slashedHostname
@@ -3120,24 +3120,24 @@ public function getSqlQueriesForDisplayAndAddUser(string $username, string $host
31203120 // MariaDB uses 'USING' whereas MySQL uses 'AS'
31213121 // but MariaDB with validation plugin needs cleartext password
31223122 if (Compatibility::isMariaDb () && ! $ isMariaDBPwdPluginActive
3123- $ createUserStmt' USING \' %s \' ' ;
3123+ $ createUserStmt' USING %s ' ;
31243124 } elseif (Compatibility::isMariaDb ()) {
3125- $ createUserStmt' IDENTIFIED BY \' %s \' ' ;
3125+ $ createUserStmt' IDENTIFIED BY %s ' ;
31263126 } elseif (Compatibility::isMySqlOrPerconaDb () && $ serverVersion80011 ) {
31273127 if (! str_contains ($ createUserStmt'IDENTIFIED ' )) {
31283128 // Maybe the authentication_plugin was not posted and then a part is missing
3129- $ createUserStmt' IDENTIFIED BY \' %s \' ' ;
3129+ $ createUserStmt' IDENTIFIED BY %s ' ;
31303130 } else {
3131- $ createUserStmt' BY \' %s \' ' ;
3131+ $ createUserStmt' BY %s ' ;
31323132 }
31333133 } else {
3134- $ createUserStmt' AS \' %s \' ' ;
3134+ $ createUserStmt' AS %s ' ;
31353135 }
31363136
31373137 if ($ _POST 'pred_password ' ] === 'keep ' ) {
31383138 $ createUserRealsprintf ($ createUserStmt$ slashedPassword
31393139 } elseif ($ _POST 'pred_password ' ] === 'none ' ) {
3140- $ createUserRealsprintf ($ createUserStmtnull );
3140+ $ createUserRealsprintf ($ createUserStmt'' );
31413141 } else {
31423142 if (
31433143 ! ((Compatibility::isMariaDb () && $ isMariaDBPwdPluginActive
@@ -3152,13 +3152,13 @@ public function getSqlQueriesForDisplayAndAddUser(string $username, string $host
31523152 $ createUserRealsprintf ($ createUserStmt$ hashedPassword
31533153 }
31543154
3155- $ createUserShowsprintf ($ createUserStmt'*** ' );
3155+ $ createUserShowsprintf ($ createUserStmt'\' *** \' ' );
31563156 } elseif ($ _POST 'pred_password ' ] === 'keep ' ) {
31573157 // Use 'SET PASSWORD' syntax for pre-5.7.6 MySQL versions
31583158 // and pre-5.2.0 MariaDB versions
31593159 $ passwordSetRealsprintf ($ passwordSetStmt$ slashedUsername$ slashedHostname$ slashedPassword
31603160 } elseif ($ _POST 'pred_password ' ] === 'none ' ) {
3161- $ passwordSetRealsprintf ($ passwordSetStmt$ slashedUsername$ slashedHostnamenull );
3161+ $ passwordSetRealsprintf ($ passwordSetStmt$ slashedUsername$ slashedHostname'' );
31623162 } else {
31633163 $ hashedPassword$ this getHashedPassword ($ _POST 'pma_pw ' ]);
31643164 $ passwordSetRealsprintf ($ passwordSetStmt$ slashedUsername$ slashedHostname$ hashedPassword
@@ -3178,7 +3178,7 @@ public function getSqlQueriesForDisplayAndAddUser(string $username, string $host
31783178 $ realSqlQuery$ sqlQueryStmt
31793179 $ sqlQuery$ sqlQueryStmt
31803180
3181- $ alterSqlQueryStmtsprintf ('ALTER USER \' %s \' @ \' %s \' ' , $ slashedUsername$ slashedHostname
3181+ $ alterSqlQueryStmtsprintf ('ALTER USER %s@%s ' , $ slashedUsername$ slashedHostname
31823182 $ alterRealSqlQuery$ alterSqlQueryStmt
31833183 $ alterSqlQuery$ alterSqlQueryStmt
31843184 }
0 commit comments