bimalpoudel — 2013-09-12T03:55:44-04:00 — #1
I would like to checkout what SQLs are being executed via mysql_query($sql) over a set of scripts within an application - in order to debug it. Is it somehow possible that I can log the string $sql that are executed via php's mysql_query() function?
Or, it would be better if you can provide hints in accessing all queries ran by one particular user in the mysql server.
spacephoenix — 2013-09-12T15:19:42-04:00 — #2
Please be aware that the mysql_* extension is now deprecated as of the current version of PHP and will very likely be removed from the next 5.x version and will likely not be in PHP 6.x (when it eventually is released). You should migrate over to either the mysqli_* extension or to PDO. PDO is a better choice as it doesn't tie you down so much to a particular database server software.
Once you have migrated you should use Prepared Statements to prevent SQL Injection attacks. Have a read of this article from the PHP manual, it shows how to use prepared statements with PDO and also explains the principle.
bimalpoudel — 2013-09-12T15:57:55-04:00 — #3
Thanks. I am aware of that, but this is due to troubleshooting a legacy, that was coded few years back by somebody else.
I either need to find out some way to read mysql's native log or php's mysql_query sql string log.
spacephoenix — 2013-09-13T02:39:14-04:00 — #4
Is the code OOP, procedural or a mix of both?
If the code is OOP, are you using a database class?
Is it just queries that have failed that you after logging or all of them (to make sure they're executing as you would expect them to?