When relying on the password authentication mode for the database connection, a secure password should be chosen.
This rule raises an issue when an empty password is used.
Noncompliant Code Example
// example of an empty password when connecting to a mysql database
$conn = new mysqli($servername, $username, "");
Compliant Solution
// generate a secure password, set it to the username database, and store it in a environment variable for instance
$password = getenv('MYSQL_SECURE_PASSWORD');
// then connect to the database
$conn = new mysqli($servername, $username, $password);
See