I have a number of PHP functions to interrogate a database and return values in an array to the calling code.
I want to add some error checking and I just need some ideas as to the best way to implement it.
I am using procedural mysqli as follows:
$dbh = mysqli_connect($hostname,$dbusername,$dbpassword,$dbname) or
die("Problem connecting: ".mysqli_error());
$sql = "SELECT userid,status,accesslevel,forename,surname,email FROM users WHERE username = ? and encryptedpassword = ?";
$stmt = mysqli_stmt_init($dbh);
if (mysqli_stmt_prepare($stmt, $sql)) {
// Bind Parameters.
if(!mysqli_stmt_bind_param($stmt, 'ss', $username,$encrypted)) {
die("Problem binding parameters: ".mysqli_error());
}
// Execute Statement
if (!mysqli_stmt_execute($stmt)) {
die("Problem executing statement: ".mysqli_error());
}
// Bind results to variables.
if (!mysqli_stmt_bind_result($stmt, $userid, $status, $accesslevel, $forename, $surname, $email)) {
die("Problem binding result: ".mysqli_error());
}
// Store result - Run ONLY to ascertain the number of records returned.
if (!mysqli_stmt_store_result($stmt)) {
die("Problem storing result: ".mysqli_error());
}
// Ascertain the number of records returned
$numrows = mysqli_stmt_num_rows($stmt);
if ($numrows == 1) {
if ($status<>2) {
$ErrorList = "<li>You have not registered yet</li>\n";
}
mysqli_stmt_fetch($stmt);
}
else
{
$ErrorList = "<li>Invalid Username and or Password</li>\n";
}
}
else // Not mysqli_stmt_prepare()
{
die("Problem connecting: ".mysqli_error());
}
This works but instead of using ‘die’ I would like to catch some errors and throw back a user friendly message to the user as well that does not just display a ‘Problem found’ page.
Pull my approach apart if you like and all criticism is gratefull recieved but please assist me on my way too.
Thanks
P.S. There must be a better way of submitting code but it was not obvious.