Real-World DB Connections
- Scooter5791
- Forum Newbie
- Posts: 2
- Joined: Sat Mar 31, 2007 9:43 am
I am very new to PHP but have been coding for many years in other languages. I now have a new project that will be done in PHP/MySql. As I look at basic examples for connecting to the database I see examples that use an "or die" clause to catch connection failures:
$db = mysql_connect('localhost', 'user', 'password') or die(mysql_error());
Why would I want to do this in a real project? If the connection fails, this code displays a raw error message (ugly at best, possible security compromise at worst by displaying db username etc.). Isn't there a more professional solution most coders use for their real-world sites so that this doesn't display a useless and ugly error message to the user but rather displays a more user-friendly error page and also notifies the developer of the problem (error info via email or similar)? In our projects we never display raw error messages to the user as a rule. Any advice on how else to handle this would be greatly appreciated.
- CoderGoblin
- DevNet Resident
- Posts: 1425
- Joined: Tue Mar 16, 2004 10:03 am
- Location: Aachen, Germany
Normally I redirect errors etc to some error handling routine. Unless the user is an "admin" or a unique "debug" identifier is set I never display the error message for the reason you suggest. The "die" method is generally used for tutorials as it is simple to implement but doesn't take much explaining. Unfortunately once set in people's minds they don't normally think of the consequences. The precise method of error handling I use depends on a lot of factors. It could just be a function, a redirect or a thrown exception.
As an aside I see an awful lot of code on these forums with no error trapping, even a die. A lot depends on where people learnt php from and what their background is. Coding tutorials teach how to code, not good practice.
CoderGoblin wrote: The "die" method is generally used for tutorials as it is simple to implement but doesn't take much explaining. Unfortunately once set in people's minds they don't normally think of the consequences.
/signed
If I have to name two (or three) major advances in coding/software engineering it'll be: (runtime type information,) garbage collection and exceptions. A basic sql tutorial using exceptions could be something like
Code:
$dbh = new PDO('pgsql:host=localhost ...');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->query ....
But that would mean "Goodbye to all of you still stuck with php4" and maybe "Goodbye to all of you unable to use PDO" since it's the only db extension that makes use of exceptions (afaik).
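The exception-based approach from the post above, applied to the original question (generic page for the visitor, detail to the server log). This is an added example, not code from any poster in this thread; it assumes PHP 7.1 or later, and the function names, DSN, credentials and log format are illustrative.

```php
<?php
// Added example, not code from the thread. Function names, DSN, credentials
// and the log line format are illustrative assumptions.

/** Returns a PDO handle, or null after logging the failure under $ref. */
function db_connect(string $dsn, string $user, string $pass, ?string &$ref = null): ?PDO
{
    try {
        return new PDO($dsn, $user, $pass, [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        ]);
    } catch (PDOException $e) {
        // Random id that ties the visitor's error page to the log entry.
        $ref = bin2hex(random_bytes(4));
        // Log the message only. The exception's stack trace can include the
        // PDO constructor arguments, i.e. the user name and password, so it
        // is neither printed nor rethrown from here.
        error_log("[db-connect $ref] " . $e->getMessage());
        return null;
    }
}

/** Generic 503 page: the visitor gets a reference id, never the raw error. */
function service_unavailable(string $ref): void
{
    http_response_code(503);
    header('Retry-After: 120');
    echo '<h1>Service temporarily unavailable</h1>';
    echo '<p>Please try again shortly. Reference: ' . htmlspecialchars($ref) . '</p>';
}

$ref = null;
$dbh = db_connect('pgsql:host=localhost;dbname=app', 'app_user', 'app_password', $ref);
if ($dbh === null) {
    service_unavailable($ref);
    exit(1);
}
// From here on $dbh throws PDOException on query errors; catch those at one
// top-level boundary and send them down the same log-and-generic-page path.
```

error_log() also accepts a message type of 1 with an address as its third argument, which mails the message instead of writing it to the log and so covers the notify-the-developer part of the question.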
I find one of the best ways to do it and one of my favourite things about php is the way the if statement works, it's slightly different to other languages as you can put a statement in and if it fails it will go to the else
if ($db = mysql_connect('localhost', 'user', 'password'))
{
    // ....
}
else
{
    echo "Unable to connect to db";
    // the error detail goes to the developer by mail, not to the page
    mail('me@me.com', 'unable to connect to db', mysql_error());
    // ....
}
something like that would display a nicer error message with no compromise and alert the developer
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
mysql_error() should not be used to output anything in a production application. Many tutorials use it as an example of catching failure, though I am not too keen on it myself. If you are developing for PHP5 use exceptions. If you have to stay in PHP4, you can still catch failure using an if/else construct, but you control what is output. You can still use die(), just don't output the error message.
Code:
<?php
if (!($con = mysql_connect('localhost', 'billyboy', 'billyrunsongoatcheese')))
{
    // Code your notification routine here, before die() ends the script
    die('There was a problem connecting to the database. The server administrator has been notified of this situation.');
}
// At this point your link identifier is now stored in $con for use later
?>
- Scooter5791
- Forum Newbie
- Posts: 2
- Joined: Sat Mar 31, 2007 9:43 am
- CoderGoblin
- DevNet Resident
- Posts: 1425
- Joined: Tue Mar 16, 2004 10:03 am
- Location: Aachen, Germany
php.net Exceptions is a quick overview. If you want more you could try Devshed - Introducing Exceptions.
A short introduction to the advantages of exceptions can be found at http://java.sun.com/docs/books/tutorial ... tages.html
- stereofrog
- Forum Contributor
- Posts: 386
- Joined: Mon Dec 04, 2006 6:10 am
CoderGoblin wrote: If you want more you could try Devshed - Introducing Exceptions.
Very funny one.
Devshed article wrote:
if(!$content=file_get_contents("{$this->fileDir}{$this->file}.php")){
    throw new Exception('Unable to read file contents');
}
This is exactly how exceptions should not be used.