Properly handle bad SQL?

[cademichaels]

1. How would I properly handle a bad SQL string query? For example if the $table provided doesn't exist, the where expression is invalid, or the $field doesn't exist?

2.  

function GetMax($field, $table, $WhereExpression) {

$con = mysqli_connect(ServerHostName, ServerUser, ServerPass, ServerDB);

if (mysqli_connect_errno()) {

echo "Failed to connect to MySQL: " . mysqli_connect_error();

exit();

}

 

$q = "SELECT Max($field) AS MaxOfGetMax FROM $table WHERE $WhereExpression";

 

$rst = mysqli_query($con, $q);

if ($rst=false){

if ($row = mysqli_fetch_array($rst))

{

return $row["MaxOfGetMax"];

}

return null;

}

 

}

[Barand]

Use the site's code tags or <> button in toolbar.

 

The comparison operator is "==" and not "="

if (!$rst) {
     // handle the error eg
    die (mysqli_error($con));
}
else {
   if ($row = mysqli_fetch_assoc($rst) {
        // process row
   }
}

[Ch0cu3r]

When an error occurs mysqli_query will return false. You'd then use mysqli_error to get the error message from mysql. The specific error codes for an unknown table is 1146 and for columns it is 1054 

 

List of MySQL error codes

http://dev.mysql.com/doc/refman/5.5/en/error-messages-server.html

[objnoob]

Sorry, but not exit()  nor  die()  be proper ways to handle errors when content-type: text/html