I have a too many hosts PDO exception in my MySQL database:
exception 'PDOException' with message 'SQLSTATE[HY000] [1129] Host
'[IP ADDRESS]' is blocked because of many connection errors; unblock
with 'mysqladmin flush-hosts'' in /var/www/libs/Database.php:15
I understand this error, but the real problem is in the stack trace which dumps the database name, login and password into the console:
Stack trace:
#0 /var/www/libs/Database.php(15): PDO->__construct('mysql:host=conf...',
'[db name]', '[db password]...', Array)
As this is an AJAX request, it dumps into the console browser, which is obviously a problem.
How can I avoid this happening? Have I configured PHP incorrectly?
As this is an AJAX request, it dumps into the console browser
Of course, PHP (like other server-side languages) is executed in another computer and does not have access to your browser's console. Most likely, neither your PHP nor your JavaScript are designed to handle error conditions gracefully. Some tips:
Always set display_errors to false in your production box. Make sure that error messages are logged instead.
Tweak your server-side code so it generates valid output even when the DB is down. For instance, if the script is supposed to generate JSON it should send JSON data even on error. To do so:
Capture the PDOException
Log the error details
Send JSON data informing that there was an error, e.g.:
{"status": "error", "info": "Database is down"}
Tweak your client-side code to handle any kind of error in the AJAX response, including proper JSON with status=error and lack of proper JSON.
Related
I am using GuzzleHttp to send post request to another project. But when I have error I can't see all error it is always truncated.
Can anyone know how to remove the (truncated...) so that I can fully see the error?
GuzzleHttp\Exception\ServerException
Server error: POST http://127.0.0.1:8000/api/api resulted in a 500 Internal Server Error response: <!doctype html> <!-- TypeError: Argument 1 passed to Illuminate\Database\Query\Builder::inser (truncated...)
The error is only truncated in the Guzzle Exception message. You find the error in full in the other projects' PHP error log if you enable error logging there -- and -- in the response body.
Right now you've enabled display errors (or you're displaying errors in some variant that inserts the message into a HTML comment), check error logging is enabled and locate the appropriate log file.
Alternatively you can configure Guzzle to not throw on "HTTP errors"[1], verify the response status is 500 and if so have the non-truncated information in the response body.
The truncation is only for convenience as exception messages often end up in some line of their own in the PHP error log (of the applications that don't catch it) and such lines have a common limit of 1024 bytes for portability reasons.
Most details of the error situation can only be available within the system (here: the HTTP server you send requests to) and if you want to obtain the least filtered information, always go towards the source. Don't look for things, just obtain them.
c.f. Catching exceptions from Guzzle for the version of the Guzzle API you have in use.
Is there a general explanation for the errors that lead to the phenomenon described in the title? Can I make the program tell me the actual cause of these errors?
Assuming you are using PHP backend, HTTP status 500 would mean internal server error - a bug that caused your PHP script to halt. Usually fatal errors cause this.
When you get a 500 error, click on the request in firebug. It would open up all kinds of request data like Headers, Response, Cache, Params etc. Check the response tab once. That might give you a clue about what's wrong in your PHP code.
An HTTP status code of 500 means the error happened on the server side. Firebug only sees what's happening on the client side - i.e. it tells you that the server returned an error code. It doesn't have access to the errors happening on the server side.
I.e. you need to check the log files of your server to see what caused the error. This is normally a fatal error in your server-side script that caused its execution to stop.
I am using an OAuth library to connect to my Etsy store (etsy.com) and try to retrieve some information regarding sold orders.
This is the library: https://github.com/Lusitanian/PHPoAuthLib/blob/master/examples/etsy.php
However, I keep getting an error after I "Allow Access". I receive a token but when I allow access the issue is happening.
Here is the full error:
Fatal error: Uncaught exception 'OAuth\Common\Http\Exception\TokenResponseException' with message 'file_get_contents(http://openapi.etsy.com/v2/private/users/__SELF__): failed to open stream: HTTP request failed!
HTTP/1.1 400 Bad Request ' in /hermes/bosoraweb013/b1151/ipg.tahara/APIs/PHPoAuthLib-master/src/OAuth/Common/Http/Client/StreamClient.php:70 Stack trace: #0 /hermes/bosoraweb013/b1151/ipg.tahara/APIs/PHPoAuthLib-master/src/OAuth/OAuth1/Service/AbstractService.php(137):
OAuth\Common\Http\Client\StreamClient->retrieveResponse(Object(OAuth\Common\Http\Uri\Uri), NULL, Array, 'GET') #1 /hermes/bosoraweb013/b1151/ipg.tahara/APIs/PHPoAuthLib-master/examples/etsy.php(47):
OAuth\OAuth1\Service\AbstractService->request('/private/users/...') #2 {main} thrown in /hermes/bosoraweb013/b1151/ipg.tahara/APIs/PHPoAuthLib-master/src/OAuth/Common/Http/Client/StreamClient.php on line 70
Would anyone have any input to identify what the issue is?
The error is telling you that the library was getting back a 400 error which means that the server does not like your request. If this is something that might happen more often than not then a try catch block is your friend if only to terminate gracefully and perhaps log the problem.
If this was me I would have the error, the request and the Library object print_r inside a tag or into a text document so I could get a better idea of what was going on.
I'd be wondering if this was an authentication issue, a need to use HTTPS rather than HTTP, a bug in the library, an end-point issue or just some bad data at some place or other. The more information you have and the more you can isolate and confirm as working the faster I could home in on the problem.
I wish you the best of luck debugging and tracing the fault. I know how insanely frustrating these things can be.
some times my site server is in too many connection status and mysql show error: (could not connect: too many connection), but question is how we must set a google friendly or in general a bot friendly HTTP header error for such a this situation in PHP? my means is set a error to tell them my site is temporary down! come back latter!
Send a 500 Internal Server Error:
header('HTTP/1.0 500 Internal Server Error');
I hope you have wrapped you code by some exception handler or error handler and you have a global exception handler for your application.What you can do here is, in the error handler, you can throw an exception which will have some message you want to display. This can be caught by the global application exception handler which will redirect the user to some custom page which you want to show.
If my mongo database is down, my php application is printing out the plaintext password in the error. How can I prevent this?
Fatal error: Uncaught exception 'MongoCursorException' with message
'couldn't send command' in /ap/db.php:23 Stack trace:
#0 /ap/db.php(23): MongoDB->authenticate('username', 'actual_password')
#1 /ap/index.php(6): Worker->__construct() #2 {main} thrown in /ap/db.php
on line 23
I understand that I can disable php errors, but that is not what I want to do. I want to see an error, but I don't want it to print the password.
In a production application, users should never see an error like "Uncaught exception" or other developer-oriented message. This exposes a lot of information to a potential attacker and confuses your legitimate users. Log the detailed technical message and display a friendly error page to the user.
To disable visible errors and log them instead, edit php.ini:
Set error_log to a valid log path
Set display_errors to Off.
The process to enable friendly errors depends on your web server, but the idea is the same: Set a custom page to be displayed when a 500 error is encountered. In Apache, for example, you set ErrorDocument 500 /path/to/custom/500.html.
EDIT :
OP indicates that this is a development box — either way you should wrap your connection attempt in a try/catch block (which is something you should be doing anyway), and then you can display a 'sanitized' error message:
try {
MongoDB->authenticate('username','password');
} catch (MongoCursorException $e) {
die("Unable to authenticate to database [code: " . $e->getCode() . "]: "
. $e->getMessage());
}