Jump to content

Recommended Posts

Hi I have lots of 'or die' functions returning helpfull error codes enabling me to find the function that was responsible like.

$row = mysql_num_rows($query) or die ("E1101"); // This works

 

The problem is the previuse function

connectDB(1); this connects to database 1 with 

$link = mysql_connect($host, $user, $pass) or die("E2020");

 

However this does not work. It does not give me 'E2020' Instead it still gives a hacker a lot of information like.

 

Warning: mysql_connect() [function.mysql-connect]: Access denied for user: 'desmond@222.171.218.190' (Using password: YES) in /home/fhlinux190/d/des-otoole.co.uk/user/htdocs/HC2010/includes/HCfunctions.php on line 77

 

WHY Using password: YES

I changed the password to a false one to test this but the password was not YES.

 

I realy need to trap this properly without giveing a hacker all my database information.

 

Link to comment
https://forums.phpfreaks.com/topic/198362-help-with-or-die-function/
Share on other sites

Actualy I havent published any information. I changed it befote posting.

I don't want to turn off errors.

I want to do things like

$row = mysql_num_rows($query) or die ("E1101");

This does not help the hacker but does help me discover which one of a thousand functions is responsible for the error. So no disable error. What I would like is for mysql_connect()

to report a user specific error.

 

 

 

You aren't developing on the live site right? Get a development site or develop on your local computer. That will allow you to display errors when developing, but hide them in production.

 

Your error handling still sucks though. Have you ever seen any serious website just display a blank page with "E2020" on it when an error occurs?

My error handeling might apear to suck but if invalid information is entered I need some way of knowing what is going on. These errors whould hardly appear. I intend to redirect to a webpage with more usefull information.

However the php online manual says

<?php
$link = mysql_connect('localhost', 'mysql_user', 'mysql_password');
if (!$link) {
    die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_close($link);
?> 

 

This does not work. I have tried the following.

  $link = mysql_connect($host, $user, $pass);
  if (!$link)
  {
    die('Could not connect:');
    exit;
  }

 

I would not do it like that, unless you want to echo something which you shouldnt unless it says "sorry etc etc", logging should be done server side, here is a simple way i used to do it:

 

function sql_check(){
   if(!empty(mysql_error())){
      // Do Logging Here (file or whatever).
      // DEVELOPMENT:
      exit(mysql_error());
   }
}

$connect = @mysql_connect($host,$user,$pass);
sql_check();
$query = "SELECT ...";
$result = @mysql_query($query);
sql_check();

 

This is a real simple way to do it, but it works. @ is used for production code (released code), so no errors are sent to the client.

 

-CB-

@ is used for production code (released code), so no errors are sent to the client.

 

Or to a developer if he tries to debug...

error logging, error reporting level, and error displaying can all be set up using php.ini directives (or even during runtime). You can have a 'config' file for development environment and another for production development that will set up these variables accordingly.

 

Instead of exit()ing or die()ing, wrap your code in try{}catch blocks and use Exceptions. You can even override default error handler to throw exceptions for pretty much everything except syntax and fatal errors.

If it's returning anything other than E2020, it's probably another statement triggering the error. The or die() won't just arbitrarily decide to echo the mysql_error() when it's given some other error message. Throw a trigger_error() around it and see if it shows up in the php error log.

Yes it hides the error output full stop. You should never assume ini directives to be a specific value OR that they can be changed or your script will not work on half the most common web hosting servers.

 

And i purposely excluded stating the Try/Catch method with exceptions as this is a step down from Pear Error Handling (Which is more robust), so it would be pointless to satte, and the fact that this person is new so its best to stick to easy methods of his solutions, and let him advance his work instead of spending days on one functionality or giving up altogether.

 

For future advice, make sure you complete this script (so you get some experience in php), then you can learn more advanced techniques for more advanced scripts. Which you will need experience for regardless.

 

-CB-

You should never assume ini directives to be a specific value OR that they can be changed or your script will not work on half the most common web hosting servers.

 

This is all true of course, however all settings related to error handling can be (and ideally should be) set up at runtime

http://pl.php.net/manual/en/ref.errorfunc.php

Totally agree mchl, all error handling should be set in stone before anything else, that way more of the script execution is covered by the error handling and there is less execution not covered. Basically put, Make sure you know where your errors are :P.

 

-CB-

Hi I am familier with try catch etc but not triger error. I have no access to the server ini file. Can someone show me a foolproof method using any of the following lines please where there is a wrong user or password etc..

 

  $link = mysql_connect($host, $user, $pass);
  $database = @mysql_select_db ($data, $link);

Thanks Mchl this

http://pl.php.net/manual/en/ref.errorfunc.php

is very usefull. I could make a dedicated error page with this. I still need to know how to trap the

 

$link = mysql_connect($host, $user, $pass); 

$database = @mysql_select_db ($data, $link);

 

Desmond.

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.