PHP Server Side Scripting Forum

    
error reporting and security
to remove or not to remove
punisa




msg:3898685
 3:09 pm on Apr 23, 2009 (gmt 0)

Hello everyone,
across my whole site I call data from my database like so:


$sql = "SELECT title FROM comments WHERE name='johndoe' LIMIT 1";
$result = mysql_query($sql, $conn)
    or die('Could not get data; ' . mysql_error());
if (mysql_num_rows($result) == 0) {
    // no rows found
} else {
    while ($row = mysql_fetch_array($result)) {
        // ...OUTPUT DATA
    }
}

As I heard before this part is potentially dangerous:

or die('Could not get data; ' . mysql_error());

Should I just remove that part across my whole site once I'm done editing it?

 

lobo235




msg:3898718
 3:51 pm on Apr 23, 2009 (gmt 0)

I would suggest writing a function that will email the error and query to yourself and then spit out a generic error message to the user like "There was a critical error encountered while performing your request. The webmaster has been notified of the problem. Please try reloading the page or try your request at a later time."

function emailError( $query, $error )
{
    $time = date( 'Y-m-d H:i:s' );
    // $subject was undefined in the call to mail() below
    $subject = 'SQL error';
    // Start with "=" so $msg is defined before appending; escape the values
    // because the body is sent as HTML
    $msg  = "\n<br />\n<b>Page:</b> ".htmlspecialchars( $_SERVER["REQUEST_URI"] );
    $msg .= "\n<br />\n<b>Time:</b> ".$time;
    $msg .= "\n<br />\n<b>Query:</b> ".htmlspecialchars( $query );
    $msg .= "\n<br />\n<b>Error:</b> ".htmlspecialchars( $error );
    $headers = "Content-type: text/html; charset=iso-8859-1\n";
    $headers .= "From: sqlerrors@example.com";
    mail( 'email@example.com', $subject, $msg, $headers);
    // Only this generic text reaches the visitor
    return "<h3>There was a critical error encountered while performing your request. The webmaster has been notified of the problem. Please try reloading the page or try your request at a later time.</h3>";
}

Then just call it like this:

mysql_query($sql, $conn) or die(emailError($sql, mysql_error()));

punisa




msg:3898730
 4:04 pm on Apr 23, 2009 (gmt 0)

That's a very good idea, thank you :)

eeek




msg:3899120
 11:27 pm on Apr 23, 2009 (gmt 0)

Include a backtrace in the email as well.
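
The approach discussed in this thread (a generic message for the visitor, with the query, error and a backtrace going only to the operator), as an added example that is not code from any of the posters. The name reportDbError(), the reference id and the log file path are assumptions, the failed query is simulated with a constructed error string, and the report is written to a log file instead of being emailed so that the example runs offline.

```php
<?php
// Added example, not from the thread. reportDbError() and the log path are
// hypothetical names chosen for illustration.

function reportDbError(string $query, string $error, string $logFile): string
{
    // A short random reference lets the operator match a visitor's report to
    // a log entry without showing the visitor any database detail.
    $ref = bin2hex(random_bytes(4));

    // Compact backtrace (file:line function). Argument values are left out
    // because they can contain passwords or other request data.
    $frames = [];
    foreach (debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS) as $f) {
        $frames[] = sprintf('%s:%d %s()', $f['file'] ?? '?', $f['line'] ?? 0, $f['function']);
    }

    $entry = json_encode([
        'ref'   => $ref,
        'time'  => date('c'),
        'page'  => $_SERVER['REQUEST_URI'] ?? 'cli',
        'query' => $query,
        'error' => $error,
        'trace' => $frames,
    ]);

    // Message type 3 appends to the given file; keep it outside the web root.
    error_log($entry . PHP_EOL, 3, $logFile);

    return 'There was a critical error while performing your request. '
         . 'Reference: ' . $ref;
}

// Constructed demo: simulate a failed query instead of connecting to a database.
function loadTitle(string $logFile): string
{
    $sql = "SELECT title FROM comments WHERE name='johndoe' LIMIT 1";
    $simulatedError = "Table 'site.comments' doesn't exist"; // constructed sample
    return reportDbError($sql, $simulatedError, $logFile);
}

$log = sys_get_temp_dir() . '/db_errors_demo.log';
echo loadTitle($log), PHP_EOL;   // what the visitor sees
echo file_get_contents($log);    // what the operator sees
```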
