Page 1 of 1
Real-World DB Connections
Posted: Mon May 14, 2007 8:43 am
by Scooter5791
I am very new to PHP but have been coding for many years in other languages. I now have a new project that will be done in PHP/MySql. As I look at basic examples for connecting to the database I see examples that use an "or die" clause to catch connection failures:
$db = mysql_connect('localhost', 'user', 'password') or die(mysql_error());
Why would I want to do this in a real project? If the connection fails, this code displays a raw error message ( ugly at best, possible security compromise at worst by displaying db usename etc.). Isn't there a more professional solution most coders use for their real-world sites so that this doesn't display a useless and ugly error message to the user but rather displays a more user-friendly error page and also notifies the developer of the problem (error info via email or similar)? In our projects we never display raw error messages to the user as a rule. Any advice on how else to handle this would be greatly appreciated.
Posted: Mon May 14, 2007 9:06 am
by CoderGoblin
Normally I redirect errors etc to some error handling routine. Unless the user is an "admin" or a unique "debug" indentifier is set I never display the error message for the reason you suggest. The "die" method is generally used for tutorials as it is simple to implement but doesn't take much explaining. Unfortunately once set in people's minds they don't normally think of the consequences. The precise method of error handling I use depends on a lot of factors. It could just be a function, a redirect or a thrown exception.
As an aside I see an awful lot of code on these forums with no error trapping, even a die.. A lot depends on where people learn't php from and what their background is. Coding tutorials teach how to code, not good practice.
Posted: Mon May 14, 2007 10:29 am
by volka
CoderGoblin wrote:The "die" method is generally used for tutorials as it is simple to implement but doesn't take much explaining. Unfortunately once set in people's minds they don't normally think of the consequences.
/signed
If I have to name two (or three) major advances in coding/software engineering it'll be: (runtime type information,) garbage collection and exceptions. A basic sql tutorial using exceptions could be something like
Code: Select all
$dbh = new PDO('pgsql:host=localhost ...');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->query ....
there's no error handling in this code snippet, esp. no
or die(...), just the code the reader is interested in. The code doesn't show any "bad practice", nothing you have to remove or change when you add your "real" error handler. You probably don't even have to change the given code for that, just wrap it in a nice try-catch block wherever you want to handle the error. How to handle an exception can be covered somewhere else and keeps the tutorial/answer simple ...just what we're trying to achieve with
or die(mysql_error()).
But that would mean "Goodbye to all of you still stuck with php4" and maybe "Goodbye to all of you unable to use PDO" since it's the only db extension that makes use of exceptions (afaik).
Posted: Mon May 14, 2007 10:53 am
by N1gel
I find one off the best ways to do it and one off my favourite things about php is the way the if statment works, its slightly different to other languages as you can put a statment in and if it fails it will goto the else
if($db = mysql_connect('localhost', 'user', 'password') or die(mysql_error()); )
{
....
}
else
{
echo "Unable to connect to db";
mail( '
me@me.com', 'unable to connect to db', mysql_error());
....
}
something like that would display a nicer error message with no compramise and alert the developer
Posted: Mon May 14, 2007 12:42 pm
by RobertGonzalez
mysql_error() should not be used to output anything in a production application. Many tutorials use it as an example of catching failure, though I am not to keen on it myself. If you are developing for PHP5 use exceptions. If you have to stay in PHP4, you can still catch failure using an if/else construct, but you control what is output. You can still use
die(), just don't output the error message.
Code: Select all
<?php
if (!$con = mysql_connect('localhost', 'billyboy', 'billyrunsongoatcheese'))
{
die('There was a problem connecting to the database. The server administrator has been notified of this situation.');
// Code your notification routine here
}
// At this point your link identifier is now stored in $con for use later
?>
Posted: Tue May 15, 2007 7:19 am
by Scooter5791
Thanks for all your suggestions people. I will be using PHP 5 and MySql 5 so I want to learn about handling exceptions in PHP. Can anyone point me to any really good articles or tutorials? Thanks.
Posted: Tue May 15, 2007 8:34 am
by CoderGoblin
php.net Exceptions is a quick overview. If you want more you could try
Devshed - Introducing Exceptions.
Posted: Tue May 15, 2007 12:27 pm
by volka
A short introduction to the advateges of exceptions can be found at
http://java.sun.com/docs/books/tutorial ... tages.html
Posted: Tue May 15, 2007 12:40 pm
by stereofrog
Very funny one.
Devshed article wrote:
if(!$content=file_get_contents("{$this->fileDir}{$this->file}.php")){
throw new Exception('Unable to read file contents');
}
This is exactly how exceptions should not be used.