Full path disclosure?

LooieENG · June 29, 2008

How do you prevent it? (stop it showing if there's a MySQL error)

trq · June 29, 2008

Disable display_errors.

papaface · June 29, 2008

@mysql_query("SOMEQUERY");

BUT THIS IS VERY BAD PRACTICE!

Better to do something like:

mysql_query("SOMEQUERY") or die ("An error has ocurred on line * of your code.");

br0ken · June 29, 2008

I personally don't think the error suppressing @ symbol is so bad. I've encapsulated my database functions into a class so I supress the errors using the @ symbol but then manually check for errors using mysql_error(), handle them/report them and exit gracefully rather than just using die() and getting a naff looking error message.

I admit it can be used in a bad way but so can everything in PHP!

LooieENG · June 30, 2008

@mysql_query("SOMEQUERY");
BUT THIS IS VERY BAD PRACTICE!

Better to do something like:
mysql_query("SOMEQUERY") or die ("An error has ocurred on line * of your code.");

I tried that, and then changed a character in my mysql pass, but it just did

mysql error cannot connect with password yes blah blah (full path)

'my error message'

br0ken · June 30, 2008

<?php

$rs  = @mysql_query("SOMEQUERY");

if (mysql_error())
{
echo "Unknown Database Error<br />";
exit;
}

?>

I would advise adding some form of error reporting system into this. I have an email system that sends me an email containing the query and the message in mysql_error().

Sign In

Full path disclosure?

Recommended Posts

LooieENG

Link to comment

Share on other sites

trq

Link to comment

Share on other sites

papaface

Link to comment

Share on other sites

br0ken

Link to comment

Share on other sites

LooieENG

Link to comment

Share on other sites

br0ken

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information