ajoo

Hi Jacques, Thanks you very much. I had sent you a query on your personal messenger too. Kindly revert at your convenience. Thanks loads !!!

Hi Jacques, Thanks for the last reply and I have been trying out that code snippet to understand exceptions. From This : try { $con = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); $query = "Select ID, UserLogin from test where SNo = ?"; $stmt = $con->prepare($query); $stmt->bind_param('i',$sno); if($stmt->execute()) { // throw new exception("HAHAH"); $stmt->bind_result($ID,$user); $stmt->store_result(); $stmt->fetch(); echo " WOW "; } }catch(mysqli_sql_exception $e){ echo $e->myMessage." NO GO"; } I observed that only $con = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); $query = "Select ID, UserLogin from test where SNo = ?"; $stmt = $con->prepare($query); $stmt->bind_param('i',$sno); if($stmt->execute()) this part of the code produced mysqli_sql_exceptions type exceptions. Even there the bind_param produced the error if I created a mismatch in the number of parameters. The rest of the lines $stmt->bind_result($ID,$user); $stmt->store_result(); $stmt->fetch(); did not produce any mysqli_sql_exceptions type exceptions even though it gave warnings, with display_errors directive turned on, when i deliberately added an extra parameter in bind_result or added a parameter to store_result(). I gather from this that the last 3 lines of code above would not generate an exception of type mysqli_sql_exceptions which are generated only by the other set of initial lines of code ( till and including $STMT->execute() ) and I guess those are the lines that would actually throw the true kind of mysqli_sql_exceptions that are caused by query failure due to whatever reason. Others commands simply manipulate the retrieved data. Is that correct ? Thank you very much.

Hi Guru Jacques, I have another and related question on this & that is that is on extending the Exceptions class. So suppose it is wished to capture only the database related exceptions and we are using mysqli prepared statements in code which is predominantly procedural then if we subclass like class DBExceptions extends Exceptions then how can this (extending of the Exceptions class as DBExceptions) be used to catch the mysqli related exceptions in the following code where a function LC($link) is called in a try catch block and any DBExceptions are caught in the catch block. try { $verify = LC($link); $vu = true; }catch(DBException $e){ // do whatever on catching the DBException } function LC($con) { if(isset($_SESSION['id'],$_SESSION['user_id'],$_SESSION['usr'],$_SESSION['login_string'])) { $id = $_SESSION['id']; $user_id = $_SESSION['user_id']; $username = $_SESSION['usr']; $login_string = $_SESSION['login_string']; $user_browser = $_SERVER['HTTP_USER_AGENT']; $ip = $_SERVER['REMOTE_ADDR']; $query = "SELECT salt FROM loginstatus WHERE id = ? && status = 'ABA' LIMIT 1"; $stmt = $con->prepare($query); $stmt->bind_param('i',$id); $stmt->execute() $stmt->bind_result($salt); $stmt->fetch() $LC = crypt($user_browser.$id.$ip, $salt); if(isset($_SESSION['login_string']) && $_SESSION['login_string'] == $LC) { $stat = "Logged in !!"; return true; } }else return false; } Once again what I am trying to ask is that assuming the function LC() can throw any kind of exception including DBException how will the catch block know which exception is the one that is in the category of DBExceptions and catch that only? If I extend the Exceptions class as I have done above, then would I also be obliged to write some error / exception log function or would php continue to do that by itself? I wish to do the bare minimum, as advised by you and leave all the error / exception handling to php. I just want to make sure that if the exception / error is database related then the program is terminated with an appropriate friendly message on a nice page to the end user. P.S. I know the function is using a few things like HTTP_USER_AGENT & REMOTE_ADDR which you advise against but kindly overlook them since I am using this code as an example in support of my question. Thanks loads.

Hi Jacques, Thanks for being so patient with me. Disabling display_errors and display_startup_errors worked exactly as you suggested. It generates an error 500 message which is caught by the error_handler and displays the custom message. It is also handling exceptions as you suggested by you. Disabling the two error messages and experimenting with errors and exceptions has given me a better insight into them. I don't profess that I know it all but still I feel that quite a few of my doubts have been cleared. WIll revert back with any more questions or queries if I have them. Thanks a lot.

Hi Jacques, Thanks for the reply. Yes I am using Apache and the xampp stack. The php version that I have installed is 5.6.8. I just tried your code example in the article titled "The mystery of errors and exceptions". I deliberately inserted a parse error and got the error on the screen Parse error: syntax error, unexpected ')' in D:\xampp\htdocs\xampp\magics\index.php on line 3 If the production environment was set then it would have suppressed this message as well and would have shown a blank screen. Instead, all I want is to be able to show a simple message on a nice html page saying that an error has occurred and will be resolved soon, without divulging any technical details to the user. Since I also want to display a similar message for any run-time exceptions that may occur,do I also need to set an exceptions handler? I have used try - catch blocks around code that access the database and I want to catch database related exceptions in the catch block and retry a few times as also explained in one of your replies. I have used mysqli for the database. For any other run-time errors I simply want the exception handler to display a user friendly message before terminating the problem. Can errors and exceptions be handled using a common handler or should a simple one be written for exceptions too using a set_exception_handler function? I re-iterate that I do not wish to handle errors or exceptions any more than displaying a user friendly message to user, nor do i wish to generate any logs which the server does for us as you have already explained. I want these to be as simple as possible. Sorry if I am taking a long time understanding these. Just want to be doubly sure. Thanks again very much.

HI, Would you be kind enough to explain the usage of the following two functions functions : 1. exception_handler($e) 2. set_exception_handler('exception_handler') I think they are analogous to the two functions register_shutdown_function('handle_fatal_errors') & handle_fatal_errors() Do we need to use just one set ? In case we use the exceptions_handler then what modifications would be required as has been explained for the errors' functions in your article? ( i.e. to say how would we set the auto_prepend_file directive and the fatal_error_handler.php code) Thanks loads

Hi Guru Jacques, Really good to receive a reply from you. Your link seems to be a treasure on exceptions. I'll go through and revert with any questions. Thank you very much.

Hi All, I have touched upon exceptions earlier. However I am still not sure if I am handling them correctly. try { ... ... ... }catch(Exception $e){ if($prod === true) // In production mode { header("Location: exceptions/errors.php") exit(); } if($dev === true) // In development mode { echo $e->getMessage(); // & if needed log the errors / exceptions into a file. exit(); } } I would like to ask if using the function header() to load the errors.php page is a good and safe practice. Or is there a better way to load the errors.php. If I load the errors page as in the snippet, do I also have to log the errors myself in some files or is php going to do that in any case. Any improvements or suggestions are welcome. Thanks all ! P.S. Googling exceptions gives loads of information but seldom does it touch the issue of loading an errors page when an exception occurs.

Hi Jacques1 and Psycho. Thank you both for the inputs. Jacques1 really good to see you back after a long break !! Psycho thanks for that example. That should solve it for sure. Thanks again to both of you Gurus.

Hi, So I tested a bit and i found that the array is translated into something like this : 4%2C3%2C4%2C3%20%2C4%2C3%2C4%2C3%20%2C2%2C3%2C2%2C3%20%2C3%2C3%2C3%2C3%20%2C3%2C3%2C3%2C3%20 and this is what is received in PHP. I guess this would be a long string that is received by PHP. Now then the question is how to sanitize this and such strings to ensure that they are composed of numbers, spaces and commas and maybe the - sign as well and do not have anything that could pose a security risk. Thank you all.

Hi !! Thanks for that super fast response. Well I will elaborate a bit on the data. Its actually coming from flash and is stored there in an array. trys_per_minute = Array(); . . // trys_per_minute is filled with values lvv.db_trys_per_minute = trys_per_minute; // (1,2,3,4 1,1,1,1 3,2,2,1, 1,2,2,1) etc. lvv.sendAndLoad(path+"trys.php",lvInn,"POST"); // & sent as POST array to PHP Frankly I am not sure how these values will be handled in php whether as an array or as a string. Maybe you can guide me on how I should handle them on the PHP side. What I do know is that I want to add these in the DB so that I may remove them and separate them on the spaces and then use each substring as a a independent string and further explode them at the "," when I need to and extract the digits. So How may I sanitize them before I add them into the DB. I hope I am able to express myself make clearly here. Thanks very much.

Hi all ! I have an array made up of strings of comma separated numbers and these strings are separated from each other by a space like this : "1,2,3,4 1,1,1,1 2,2,2,2 4,4,4,4 1,1,1 2,2,2 3,3,3 " etc. i.e. the array is made up of comma separated strings like 1,2,3,4 separated by a space and then another string 1,1,1,1. I would like to know if I can use the filter_var_array for sanitizing these strings and how? If it is not possible to use the filter_var_array then how can I sanitize the array values before inserting them into a DB. Any help is highly appreciated. Thanks all.

Hi, I liked the interface but did not check it for functionality or any such thing. However I did not see a logout button anywhere when I wanted to logout. Thanks.

Hi QuickOldCar, Thanks once again for the response. I was looking for an affirmation on using the exit and header functions since I read that using die(), exit() and header() was bad form and should be avoided and replaced by none else than an exceptions handler. But I guess to terminate as I mentioned I would need to use either exit or die as suggested by you. Thanks very much.

Hi , Thanks for the response. Kindly also explain how can I get the code to discontinue execution once an exception occurs. In the snippet, once the exception is thrown in the function, the code after that in that block function is not executed but once back in the main it goes on to echo "Hurray". This is what I want to avoid. So once the exception occurs, I want the code terminated totally, a message displayed to the user on a nice page ( through redirection as you suggested.) Further is it possible to ensure that the user cannot return to the previous page through the backspace or browser buttons. Thanks very much !

Hi all, I have a snippet of code below. It connects to a DB and then calls a function findMail() if all is well. Code: <?php $host = 'localhost'; $user = 'root'; $password = ''; $database = 'test'; // connect try { $con = new mysqli($host,$user,$password,$database); if($con->connect_errno > 0) throw new Exception("Server goof up!"); mysqli_set_charset($con, "utf8"); } catch(Exception $e){ $e->getMessage(); } if(findMail($con)) echo "<br> Hurray !!"; function findMail($con) { try { $query = "SELECT name, email from users"; $stmt=$con->prepare($query); throw new exception("Problem in DB"); if($stmt->execute()) { $stmt->bind_result($name, $email); while ($stmt->fetch()) { $email = htmlspecialchars($email); $name = htmlspecialchars($name); echo $name.' ---- '.$email.'<br>'; } } } catch(Exception $e){ $e->getMessage(); } return true; } ?> The function findMail() executes a query and displays the name and email from the DB, returns and prints Hurray. If there is an exception thrown in the handling of the DB within the function, then the names and emails from the DB are not echoed, the function returns and prints only Hurray!. Now if it is critical that findMail() executes successfully for the program to proceed further. ( print hurray on exiting the function) i.e it is important for the call to DataBase not fail, then how should this exception be handled by the program to gracefully exit the program then and there. ( Not print hurray). Kindly explain by extending the snippet above. Would this be an ideal case for making a call to an error page ( such as 404) on exit to inform the cliet to try again later maybe? Also how can we ensure that any attempts to reload the previous page using a back key be foiled. Thanks loads everyone.

Thanks quickold car for the correct answer and requinix for the good advice !!

Yes, correct. So how to suppress the php Warning ? I do not wish to use the @ operator for this. Is there any other way ? Thanks

Hi all ! I have been using this snippet below to study exceptions: <?php mysqli_report(MYSQLI_REPORT_STRICT); try { $connection = new mysqli('localhos', 'root', '', 'test') ; } catch (Exception $e ) { echo "Server Error"; } ?> If, as in the snippet, I misspell the localhost, I am unable to override the php's own message. If, on the other hand I just misspell say the database name with the host spelt correctly, it overrides the php's default message. ( Default messages in both examples above being different). with the host name misspelt I receive the following warning: With the host name correct but a wrong database name I get the message defined in the snippet. Namely "Server Error". Kindly help resolve this. Thanks very much.

Hi Zane, Thanks for the information !! Will check him out there.

Hi dc909, Stumbled on this old mail by chance. try this: in default.php add the line define('GOPASS',true); in index.php add the following line: if(!defined('GOPASS')) die('cannot execute this file directly'); hope it helps.

Hi to all ! Thanks Josh ! I checked that side ---> but could not find him !! lol ! I meant like another forum maybe. /\ Still searching for Jacques1. <--- | ----> \/

Hi all, It's been a long time since I saw Jacques1 active i.e. reply to any questions on this forum. I just want to ask if anyone knows if he is still on phpfreaks. Any other place where he can be contacted or maybe his email ID if anyone has it. Thanks all.

Hi Ch0cu3r, Thanks for the reply. I made the mistake of commenting out the return(false) instead of the alert. However what I am trying to achieve is still elusive. What I am trying to achieve is that when the link(s) are clicked, they should be disabled / become invisible but I am trying not to use jquery or javascript for the same. I am trying to pass a variable thru ajax (dataval) and based on its value display or bypass the div that holds the links. The value of the dataval should be changed by the including pages ( Page1.php, Page2.php) to re-enable the display of the links in the div if and when required. I thought that this should be not difficult but now it is making me wonder. Kindly help me figure this out if it can be achieved. Thanks !

Hi ! Still awaiting for someone to enlighten me on this one. Thanks all.