display of this type of error

[orange08]

i have used this line in my .htaccess

php_flag display_errors off

 

to turn all the errors off, i thought all the errors won't be displayed in the browser in this case...

but, for this kind of error

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's quote','test single\\\'s quote', '','','','', '','',' at line 4

 

it still display in the browser for user...why it's still displayed as i have turned the display_error off?

[phpSensei]

error_reporting(0);

[orange08]

error_reporting(0);

 

this is what i set in my .htaccess

php_flag display_errors off
php_value error_reporting 8191
php_flag log_errors on
php_value error_log /home/mysite/myfolder/php_errors.log

[phpSensei]

error_reporting(0);

 

this is what i set in my .htaccess

php_flag display_errors off
php_value error_reporting 8191
php_flag log_errors on
php_value error_log /home/mysite/myfolder/php_errors.log

 

http://perishablepress.com/press/2008/01/14/advanced-php-error-handling-via-htaccess/

 

Check that out.. maybe it will help

[trq]

That is a mysql error, nothing to do with php.

 

Somewhere in your script you must be outputting mysql_error.

[phpSensei]

That is a mysql error, nothing to do with php.

 

Somewhere in your script you must be outputting mysql_error.

 

off topic but...

what he said and.... thorpe? allumni or w.e lol...

 

aww u use to help me tons back in the day

[trq]

w.e ?

[phpSensei]

w.e ?

ya didnt know how to spell allumni.. .sry

 

Just remembering when you helped me with my user online script that had like 12 pages cause i was being an idiot. 

[orange08]

That is a mysql error, nothing to do with php.

 

 

 

you meant if it's a mysql error, even though i have set display_errors as off, the error will still display?

 

Somewhere in your script you must be outputting mysql_error.

 

what do you meant here...? please forgive my ignorance...

[PFMaBiSmAd]

You have an error in your SQL syntax; check the manual ....

Is not a php error, so it is not affected by any of the php error settings (unless it happened to be part of a trigger_error() statement.)

 

It is an SQL error that was generated by a query and it was displayed as the result of a mysql_error() statement being executed in your script.

 

The actual error that you posted indicates that the query failed because the query syntax is incorrect. Hiding the error message won't solve anything. Your code still won't work. You must find and fix what ever is causing those type errors.

 

SQL errors that occur because of different data values placed into a query indicate that the data is not being validated and escaped. So, this type of error actually indicates that your code is not secured against a hacker and it really needs to be fixed instead of just trying to hide the error messages.

[orange08]

SQL errors that occur because of different data values placed into a query indicate that the data is not being validated and escaped. So, this type of error actually indicates that your code is not secured against a hacker and it really needs to be fixed instead of just trying to hide the error messages.

 

ya, if not mistaken this error occur when i enter " or \ or ' as my user input...

the problem is solved when i add mysql_real_escape_string() and htmlentities() for the user input...

 

Is not a php error, so it is not affected by any of the php error settings (unless it happened to be part of a trigger_error() statement.)

 

It is an SQL error that was generated by a query and it was displayed as the result of a mysql_error() statement being executed in your script.

 

so, you meant if my script got "mysql_error()" then this kind of sql error only will be displayed? if i remove this "mysql_error()" from my script then the error won't displayed for me?

[trq]

mysql_error returns mysql errors. if you don't want them displayed (which you shouldn't), don't echo mysql_error to the screen.

 

mysql_error if a debugging tool.

[orange08]

mysql_error returns mysql errors. if you don't want them displayed (which you shouldn't), don't echo mysql_error to the screen.

 

mysql_error if a debugging tool.

 

seem i get what you all meant now...

before this, this is my code

$result = mysql_query("SELECT * FROM mytable WHERE....") or die('Query failed: ' . mysql_error());

 

so, whenever there is an error on my sql query occur, the error message will be just displayed out even though display_errors is set to off.

 

so, now i should modify my code to:

$result = mysql_query("SELECT * FROM mytable WHERE....") or trigger_error('Query failed: ' . mysql_error());

 

and if my display_errors is set to off, then the error message won't be displayed for user...am i right?

[orange08]

mysql_error returns mysql errors. if you don't want them displayed (which you shouldn't), don't echo mysql_error to the screen.

 

mysql_error if a debugging tool.

 

anyone can help and give me some tips, please?

 

seem i get what you all meant now...

before this, this is my code

$result = mysql_query("SELECT * FROM mytable WHERE....") or die('Query failed: ' . mysql_error());

 

so, whenever there is an error on my sql query occur, the error message will be just displayed out even though display_errors is set to off.

 

so, now i should modify my code to:

$result = mysql_query("SELECT * FROM mytable WHERE....") or trigger_error('Query failed: ' . mysql_error());

 

and if my display_errors is set to off, then the error message won't be displayed for user...am i right?