PHP Developers Network

 Post subject: Handling database errors
Posted: Fri Mar 02, 2012 3:17 am
DevNet Master
Joined: Sun Feb 15, 2009 12:08 pm
Posts: 2794
Location: .za
I've created a database connection class that is extended by a search class. The database class throws an exception when any database connection and selection errors occur.

The working of the search class is dependent on the availability of the database, so I thought about modifying the database connection class not to display an error message when it fails but to create an error array, containing any errors returned from database connection / select issues. Based on the presence of this array the search class will then display (or not display) the search form. Should the form be absent there will be an error message displayed to notify users that the search option is unavailable. To notify me about the error I have an error reporting option (via email) in place.

My thinking behind this is that I don't want visitors to know specifics (such as an unavailable database) about why the search option isn't working; they should only know that it isn't available. By not displaying the search form I am also limiting errors resulting from functions such as mysqli_real_escape_string() or mysqli_query(); I do use the error control operator but I would rather prevent the error from happening than let it die quietly.

Is this approach valid or should I rethink it?

_________________
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering

Posted: Fri Mar 02, 2012 4:28 pm
Site Administrator
Joined: Wed Aug 25, 2004 7:54 pm
Posts: 13592
Location: New York, NY, US
It sounds like a valid approach. We recently had a conversation about this for the Skeleton Framework and decided to use error numbers (while still providing access to error strings). The idea was to disconnect the errors that occurred from how you present the response to the user. Error numbers would also help with i18n.

_________________
(#10850)

Posted: Mon Mar 05, 2012 8:06 am
DevNet Resident
Joined: Sun Sep 03, 2006 5:19 am
Posts: 1579
Location: Sofia, Bulgaria
You should *never* display raw error messages as they come from the database; it could be a security risk. There is a class of attacks that rely on reflected error messages to leech data after SQL injection. Also, it is of zero usefulness to the end user. Your approach with hiding the form seems nice, although a bit "too much work" for my taste. If you can't connect to the database, probably a large portion of your site wouldn't work anyway. Better to show an all-in-one error splash and email the admin.

Posted: Mon Mar 05, 2012 8:44 am
DevNet Master
Joined: Sun Feb 15, 2009 12:08 pm
Posts: 2794
Location: .za

Posted: Wed Mar 07, 2012 12:08 pm
Forum Newbie

Joined: Sat Mar 03, 2012 6:43 am
Posts: 19
I use the same approach that Mordred suggested. If something has gone wrong with the database connection, a “friendly” error splash appears and a special log is written on the server to let me know all about that exception (of course not in public_html). Recently I added a service that sends me an SMS for those kinds of exceptions.

Posted: Thu Mar 15, 2012 9:41 am
Forum Newbie

Joined: Fri Mar 18, 2011 9:13 am
Posts: 11
Agreed, I'd always opt for a generic connectivity message that hides all connection information, and specific error messages within the application itself. Raw error messages are one of the worst things a developer can do to a user!
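
The pattern the replies converge on, as an added example that is not code from any poster in this thread: the connection class keeps only an error number and a random reference for the caller, writes the raw MySQL detail to a log outside the web root, and the page shows or hides the search form based on availability. It assumes PHP 8 with mysqlnd; the class name, error numbers, `articles` table, credentials and log path are all hypothetical.

```php
<?php
declare(strict_types=1);
// Added example: class, error numbers, table, credentials and log path are hypothetical.
final class Database
{
    public const ERR_CONNECT = 1001; // numbers the caller maps to its own (translatable) text
    public const ERR_QUERY   = 1002;
    public ?int $errno = null;       // never holds the raw MySQL message
    public string $ref = '';         // reference shown to the user, matches one log line
    private ?mysqli $link = null;
    public function __construct(array $cfg, private string $logFile)
    {
        mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // exceptions, not warnings
        try {
            $this->link = new mysqli($cfg['host'], $cfg['user'], $cfg['pass'], $cfg['name']);
        } catch (mysqli_sql_exception $e) {
            $this->fail(self::ERR_CONNECT, $e);
        }
    }

    public function available(): bool { return $this->link !== null; }
    public function search(string $term): array
    {
        if ($this->link === null) { return []; }
        try {
            $stmt = $this->link->prepare('SELECT title FROM articles WHERE title LIKE ?');
            $like = '%' . $term . '%';
            $stmt->bind_param('s', $like); // bound parameter, no manual escaping
            $stmt->execute();
            return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
        } catch (mysqli_sql_exception $e) {
            $this->fail(self::ERR_QUERY, $e);
            return [];
        }
    }

    private function fail(int $errno, mysqli_sql_exception $e): void
    {
        $this->errno = $errno;
        $this->ref = bin2hex(random_bytes(4));
        // Full detail goes only to the server-side log (type 3 = append to file), one JSON line per error.
        error_log(json_encode(['time' => date('c'), 'ref' => $this->ref, 'errno' => $errno, 'mysql' => $e->getCode(),
            'detail' => $e->getMessage()], JSON_INVALID_UTF8_SUBSTITUTE) . "\n", 3, $this->logFile);
    }
}

$db = new Database(['host' => '127.0.0.1', 'user' => 'app', 'pass' => 'placeholder', 'name' => 'site'], '/var/log/app/db.log');
echo $db->available()
    ? '<form method="get"><input name="q"><button>Search</button></form>'
    : '<p>Search is currently unavailable (ref ' . $db->ref . ').</p>';
```

The reference is the only thing a visitor sees; the matching log line carries the MySQL error code and message for whoever gets the email or SMS alert.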