Error checking record selection function

PHP
1

I have a number of PHP functions to interrogate a database and return values in an array to the calling code.
I want to add some error checking and I just need some ideas as to the best way to implement it.

I am using procedural mysqli as follows:

$dbh = mysqli_connect($hostname,$dbusername,$dbpassword,$dbname) or 
    die("Problem connecting: ".mysqli_error());

    $sql = "SELECT userid,status,accesslevel,forename,surname,email FROM users WHERE username = ? and encryptedpassword  = ?";

    $stmt = mysqli_stmt_init($dbh);
    
if (mysqli_stmt_prepare($stmt, $sql)) {
    
    // Bind Parameters.
    if(!mysqli_stmt_bind_param($stmt, 'ss', $username,$encrypted)) {
        die("Problem binding parameters: ".mysqli_error());
    }
    
    // Execute Statement
    if (!mysqli_stmt_execute($stmt)) {
        die("Problem executing statement: ".mysqli_error());
    }    
    
    // Bind results to variables.
    if (!mysqli_stmt_bind_result($stmt, $userid, $status, $accesslevel, $forename, $surname, $email)) {
        die("Problem binding result: ".mysqli_error());
    }
    
    // Store result - Run ONLY to ascertain the number of records returned.
    if (!mysqli_stmt_store_result($stmt)) {
        die("Problem storing result: ".mysqli_error());
    }
        
    // Ascertain the number of records returned
    $numrows = mysqli_stmt_num_rows($stmt);
     
    if ($numrows == 1) {
        
        if ($status<>2) {
            $ErrorList = "<li>You have not registered yet</li>\n";
        }

        mysqli_stmt_fetch($stmt);
        
    }
    else
    {
        $ErrorList = "<li>Invalid Username and or Password</li>\n";
    }
        
}
else // Not mysqli_stmt_prepare()
{
    die("Problem connecting: ".mysqli_error());
}

This works but instead of using ‘die’ I would like to catch some errors and throw back a user friendly message to the user as well that does not just display a ‘Problem found’ page.

Pull my approach apart if you like and all criticism is gratefull recieved but please assist me on my way too.

Thanks

P.S. There must be a better way of submitting code but it was not obvious.

2

Well, the best way (IMO) is to display a generic 500 page to the user. That the database doesn’t work, or that your server exploded, it doesn’t really matter to the user right?

So, IMO, you don’t need to throw then catch exceptions for this. I would just use trigger_error and set_error_handler methods.

In your custom error handler, you could display an error page (or redirect to one). Then, call ‘die()’ at the end of your custom error handler.

You could also use Exceptions, but I wouldn’t catch them. When you catch an exception, it’s because you can recover from it. Your database doesn’t work? Well, a ‘catch’ from that would be to go find a cached version somewhere and display a message to the user that the information is maybe not up to date.

If you want to use Exceptions, there are similar methods. your ‘throw new Exception(“database error”);’ and then you can use the method set_exception_handler()

Also, I wrote a post about a custom page with set_error_handler(). But there’s better way, like the ones used in frameworks. I didn’t have the time to investigate how they work… Maybe it’s a redirect, but then you have to buffer the pages… Anyway :smile:

3

Has the session handling been set to use the database or is it set to use the default (file system)?

4

I log errors in the default error log and send an email to the administrator in the error handler and redirect to a
user friendly problem alert page for the user.

error_reporting(E_ALL);
ini_set(‘log_errors’,‘1’);
ini_set(‘display_errors’,‘0’);
set_error_handler(‘myErrHandler’);

I sense that I do not need to use die as the error handler intervenes.

5

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.