orange08 Posted July 30, 2009 Share Posted July 30, 2009 i have used this line in my .htaccess php_flag display_errors off to turn all the errors off, i thought all the errors won't be displayed in the browser in this case... but, for this kind of error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's quote','test single\\\'s quote', '','','','', '','',' at line 4 it still display in the browser for user...why it's still displayed as i have turned the display_error off? Quote Link to comment Share on other sites More sharing options...
phpSensei Posted July 30, 2009 Share Posted July 30, 2009 error_reporting(0); Quote Link to comment Share on other sites More sharing options...
orange08 Posted July 30, 2009 Author Share Posted July 30, 2009 error_reporting(0); this is what i set in my .htaccess php_flag display_errors off php_value error_reporting 8191 php_flag log_errors on php_value error_log /home/mysite/myfolder/php_errors.log Quote Link to comment Share on other sites More sharing options...
phpSensei Posted July 30, 2009 Share Posted July 30, 2009 error_reporting(0); this is what i set in my .htaccess php_flag display_errors off php_value error_reporting 8191 php_flag log_errors on php_value error_log /home/mysite/myfolder/php_errors.log http://perishablepress.com/press/2008/01/14/advanced-php-error-handling-via-htaccess/ Check that out.. maybe it will help Quote Link to comment Share on other sites More sharing options...
trq Posted July 30, 2009 Share Posted July 30, 2009 That is a mysql error, nothing to do with php. Somewhere in your script you must be outputting mysql_error. Quote Link to comment Share on other sites More sharing options...
phpSensei Posted July 30, 2009 Share Posted July 30, 2009 That is a mysql error, nothing to do with php. Somewhere in your script you must be outputting mysql_error. off topic but... what he said and.... thorpe? allumni or w.e lol... aww u use to help me tons back in the day Quote Link to comment Share on other sites More sharing options...
trq Posted July 30, 2009 Share Posted July 30, 2009 w.e ? Quote Link to comment Share on other sites More sharing options...
phpSensei Posted July 30, 2009 Share Posted July 30, 2009 w.e ? ya didnt know how to spell allumni.. .sry Just remembering when you helped me with my user online script that had like 12 pages cause i was being an idiot. Quote Link to comment Share on other sites More sharing options...
orange08 Posted July 30, 2009 Author Share Posted July 30, 2009 That is a mysql error, nothing to do with php. you meant if it's a mysql error, even though i have set display_errors as off, the error will still display? Somewhere in your script you must be outputting mysql_error. what do you meant here...? please forgive my ignorance... Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted July 30, 2009 Share Posted July 30, 2009 You have an error in your SQL syntax; check the manual ....Is not a php error, so it is not affected by any of the php error settings (unless it happened to be part of a trigger_error() statement.) It is an SQL error that was generated by a query and it was displayed as the result of a mysql_error() statement being executed in your script. The actual error that you posted indicates that the query failed because the query syntax is incorrect. Hiding the error message won't solve anything. Your code still won't work. You must find and fix what ever is causing those type errors. SQL errors that occur because of different data values placed into a query indicate that the data is not being validated and escaped. So, this type of error actually indicates that your code is not secured against a hacker and it really needs to be fixed instead of just trying to hide the error messages. Quote Link to comment Share on other sites More sharing options...
orange08 Posted July 31, 2009 Author Share Posted July 31, 2009 SQL errors that occur because of different data values placed into a query indicate that the data is not being validated and escaped. So, this type of error actually indicates that your code is not secured against a hacker and it really needs to be fixed instead of just trying to hide the error messages. ya, if not mistaken this error occur when i enter " or \ or ' as my user input... the problem is solved when i add mysql_real_escape_string() and htmlentities() for the user input... Is not a php error, so it is not affected by any of the php error settings (unless it happened to be part of a trigger_error() statement.) It is an SQL error that was generated by a query and it was displayed as the result of a mysql_error() statement being executed in your script. so, you meant if my script got "mysql_error()" then this kind of sql error only will be displayed? if i remove this "mysql_error()" from my script then the error won't displayed for me? Quote Link to comment Share on other sites More sharing options...
trq Posted July 31, 2009 Share Posted July 31, 2009 mysql_error returns mysql errors. if you don't want them displayed (which you shouldn't), don't echo mysql_error to the screen. mysql_error if a debugging tool. Quote Link to comment Share on other sites More sharing options...
orange08 Posted July 31, 2009 Author Share Posted July 31, 2009 mysql_error returns mysql errors. if you don't want them displayed (which you shouldn't), don't echo mysql_error to the screen. mysql_error if a debugging tool. seem i get what you all meant now... before this, this is my code $result = mysql_query("SELECT * FROM mytable WHERE....") or die('Query failed: ' . mysql_error()); so, whenever there is an error on my sql query occur, the error message will be just displayed out even though display_errors is set to off. so, now i should modify my code to: $result = mysql_query("SELECT * FROM mytable WHERE....") or trigger_error('Query failed: ' . mysql_error()); and if my display_errors is set to off, then the error message won't be displayed for user...am i right? Quote Link to comment Share on other sites More sharing options...
orange08 Posted August 10, 2009 Author Share Posted August 10, 2009 mysql_error returns mysql errors. if you don't want them displayed (which you shouldn't), don't echo mysql_error to the screen. mysql_error if a debugging tool. anyone can help and give me some tips, please? seem i get what you all meant now... before this, this is my code $result = mysql_query("SELECT * FROM mytable WHERE....") or die('Query failed: ' . mysql_error()); so, whenever there is an error on my sql query occur, the error message will be just displayed out even though display_errors is set to off. so, now i should modify my code to: $result = mysql_query("SELECT * FROM mytable WHERE....") or trigger_error('Query failed: ' . mysql_error()); and if my display_errors is set to off, then the error message won't be displayed for user...am i right? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.