Re: Stopping display of DB errors

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Todd Cary wrote:
When I run a query using Interbase and if an error occurs, the error displays in the browser window even though I am testing for errors. Is there a way to prevent this?

 function db_insert_logon_session($dbh, $sessionid, $offset) {
   $fulldate = date("m/d/Y H:i:s",time() + $offset);
   $stmnt = "INSERT INTO SESSION (SES_ID, SES_EXPIRE) " .
            "VALUES(" . $sessionid . "," .
            "'" . $fulldate . "')";
//echo('Query: ' . $stmnt . '<br>');

OK Todd, listen the fuck up :-)
you are missing one of the greatest things about the interbase extension, parameterized queries, try doing it like this:

$fulldate = date("m/d/Y H:i:s",time() + $offset);
$stmnt = 'INSERT INTO SESSION (SES_ID, SES_EXPIRE) VALUES(?,?)'
$sthdl  = @ibase_query($stmnt,$dbh, array($sessionid,$fulldate));

do it like that and you have just made SQL injection hacks an impossiblity :-), and stray quotes in text strings being entered into the DB will never again break your queries.

suck on that MySQL.

$sthdl = ibase_query($stmnt,$dbh); <------ displays error regardless 

$sthdl  = @ibase_query($stmnt,$dbh);  <------ shouldnt displays error

   if ($sthdl) ibase_commit();
   else print("Error: " . ibase_errmsg() . "<br>");
   return $sthdl;
 };

BTW: the interbase extension was rewritten for PHP5, I don't know whether this was backported to PHP4 - the guy that did it is a friend of mine though so I'll ask about that - anyway the reason that I mention this is is that I don't have your problem and I use PHP5 for my firebird/php (the interbase extension is also used for firebird)

having said that I have a custom DB class for interbase/firebird which uses the following construction:

$res = call_user_func_array('ibase_query', array_values($args));

this is to do with parameterized queries (the number of args is obviously variable).




for anyone who reads this far know this:

Todd is a superior human being cos he uses a superior DB ;-)
MySQL is a single-celled organism next to the space-faring superbeing that is firebird (ok interbase too, but that aint open source)

(flame on baby!)

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]
  Powered by Linux