If I use a bit of code like this:
$update_result = mysqli_query( $link , $sql_update_login ) or die ('Unable to execute query. '. mysqli_error($link));
Does it have to die or can you put a different query afterwards? Like a predetermined function that writes a log of the error to another table? Such as:
$update_result = mysqli_query( $link , $sql_update_login ) or function('$query, $error);
What are the other options after 'or'? I haven't found it in the documentation, any clues are appreciated.
Does it have to die
Quite contrary, it shouldn't or die() ever.
PHP is a language of bad heredity. Very bad heredity. And or die() with error message is one of the worst rudiments:
die throws the error message out, revealing some system internals to the potential attacker
such error message confuses casual users, because they don't understand what does it mean
Besides, die kills the script in the middle, leaving users without familiar interface to work with, so they'd likely just drop out
it kills the script irrecoverably. While exceptions can be caught and gracefully handled
die() gives you no hint of where the error has been occurred. And in a relatively big application it will be quite a pain to find.
So, never use die() with MySQL errors, even for the temporary debugging: there are better ways.
Instead of manually checking for the error, just configure mysqli to throw exceptions on error, by adding the following line to your connection code
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
and after that just write every mysqli command as is, without any or die or anything else:
$result = mysqli_query($link, $sql);
This code will throw an exception in case of error and thus you will always be informed of every problem without a single line of extra code.
A more detailed explanation on how to make your error reporting production ready, uniform and overall sensible while making your code much cleaner, you can find in my article on PHP error reporting.
or is just an operator (very similar to ||).
The or die() syntax works because or short-circuits, which means that if the first statement is true, True or X will always be true, so X isn't evaluated and your script doesn't die.
Yes, you can provide a different function after the (or).
I have tested the following:
mysqli_query($sel_db,'what!') or some_func(mysqli_error($sel_db));
function some_func($str) {
die("ERROR: ".$str);
}
It doesn't have to be die() specifically, but it needs to be something that'll make the script halt by calling exit() or die(), or something that throws an exception. Otherwise, the script will continue with the return value of that function (which is probably either null or some sort of junk) in $update_result, which will almost certainly cause problems.
Related
If I use a bit of code like this:
$update_result = mysqli_query( $link , $sql_update_login ) or die ('Unable to execute query. '. mysqli_error($link));
Does it have to die or can you put a different query afterwards? Like a predetermined function that writes a log of the error to another table? Such as:
$update_result = mysqli_query( $link , $sql_update_login ) or function('$query, $error);
What are the other options after 'or'? I haven't found it in the documentation, any clues are appreciated.
Does it have to die
Quite contrary, it shouldn't or die() ever.
PHP is a language of bad heredity. Very bad heredity. And or die() with error message is one of the worst rudiments:
die throws the error message out, revealing some system internals to the potential attacker
such error message confuses casual users, because they don't understand what does it mean
Besides, die kills the script in the middle, leaving users without familiar interface to work with, so they'd likely just drop out
it kills the script irrecoverably. While exceptions can be caught and gracefully handled
die() gives you no hint of where the error has been occurred. And in a relatively big application it will be quite a pain to find.
So, never use die() with MySQL errors, even for the temporary debugging: there are better ways.
Instead of manually checking for the error, just configure mysqli to throw exceptions on error, by adding the following line to your connection code
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
and after that just write every mysqli command as is, without any or die or anything else:
$result = mysqli_query($link, $sql);
This code will throw an exception in case of error and thus you will always be informed of every problem without a single line of extra code.
A more detailed explanation on how to make your error reporting production ready, uniform and overall sensible while making your code much cleaner, you can find in my article on PHP error reporting.
or is just an operator (very similar to ||).
The or die() syntax works because or short-circuits, which means that if the first statement is true, True or X will always be true, so X isn't evaluated and your script doesn't die.
Yes, you can provide a different function after the (or).
I have tested the following:
mysqli_query($sel_db,'what!') or some_func(mysqli_error($sel_db));
function some_func($str) {
die("ERROR: ".$str);
}
It doesn't have to be die() specifically, but it needs to be something that'll make the script halt by calling exit() or die(), or something that throws an exception. Otherwise, the script will continue with the return value of that function (which is probably either null or some sort of junk) in $update_result, which will almost certainly cause problems.
If I use a bit of code like this:
$update_result = mysqli_query( $link , $sql_update_login ) or die ('Unable to execute query. '. mysqli_error($link));
Does it have to die or can you put a different query afterwards? Like a predetermined function that writes a log of the error to another table? Such as:
$update_result = mysqli_query( $link , $sql_update_login ) or function('$query, $error);
What are the other options after 'or'? I haven't found it in the documentation, any clues are appreciated.
Does it have to die
Quite contrary, it shouldn't or die() ever.
PHP is a language of bad heredity. Very bad heredity. And or die() with error message is one of the worst rudiments:
die throws the error message out, revealing some system internals to the potential attacker
such error message confuses casual users, because they don't understand what does it mean
Besides, die kills the script in the middle, leaving users without familiar interface to work with, so they'd likely just drop out
it kills the script irrecoverably. While exceptions can be caught and gracefully handled
die() gives you no hint of where the error has been occurred. And in a relatively big application it will be quite a pain to find.
So, never use die() with MySQL errors, even for the temporary debugging: there are better ways.
Instead of manually checking for the error, just configure mysqli to throw exceptions on error, by adding the following line to your connection code
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
and after that just write every mysqli command as is, without any or die or anything else:
$result = mysqli_query($link, $sql);
This code will throw an exception in case of error and thus you will always be informed of every problem without a single line of extra code.
A more detailed explanation on how to make your error reporting production ready, uniform and overall sensible while making your code much cleaner, you can find in my article on PHP error reporting.
or is just an operator (very similar to ||).
The or die() syntax works because or short-circuits, which means that if the first statement is true, True or X will always be true, so X isn't evaluated and your script doesn't die.
Yes, you can provide a different function after the (or).
I have tested the following:
mysqli_query($sel_db,'what!') or some_func(mysqli_error($sel_db));
function some_func($str) {
die("ERROR: ".$str);
}
It doesn't have to be die() specifically, but it needs to be something that'll make the script halt by calling exit() or die(), or something that throws an exception. Otherwise, the script will continue with the return value of that function (which is probably either null or some sort of junk) in $update_result, which will almost certainly cause problems.
The at sign is used to hide error messages. As far as I see, there is absolutely no use case or excuse for using it.
You can hide errors in production by changing php ini settings while still outputting errors to log files
#-sign makes it difficult for fellow programmers to identify where the problem is
Error messages are your friends when you are developing. Find errors fast and fix them
A friend of mine just spent a couple of hours trying to find out why the software works on one system and not on another. This would have taken about 10 seconds if the library developer wouldn't have used #-sign.
Am I close-minded when I say that there is absolutely no value to #-sign, is there a valid case?
There is some value to the # sign, but it's normally a code smell.
Consider the following: you're developing a library that needs to be compatible with multiple projects, and you don't want to change the error handler globally. Unfortunately, many PHP functions (including the sockets and streams related ones) throw a PHP error rather than an exception on failure. The "#" sign is then useful for hiding the error if and only if the error is then checked for manually and an exception is thrown if it occurred.
It's also useful for filesystem operations.
Mainly you're right though...it's normally terrible practice (:
There are a few rare situations where it indeed makes sense to use error suppression.
One of them are atomic filesystem operations. E.g. instead of writing
if (file_exists($fileName)) {
unlink($fileName);
}
you just do
#unlink($fileName);
This makes sure that your code is not subject to race conditions.
Generally # is useful in situations where PHP chose an inappropriate error model for a function. The above unlink function is one such example. Similarly there are other functions where PHP throws errors, even though it shouldn't (instead using return values or catchable exceptions).
In most cases you should indeed not use it. Some cases it makes sense though:
unlink()
while (#ob_end_flush());
There might be some other edge cases, but besides these you should really never ever supress errors.
As with all tools available (both in programming and outside of it), everything has a legitimate use case.
The first example that comes to mind for the error suppression operator would be something like
if (!#unlink($file)) {
// I am already handling the error. I don't care what caused it.
// Even NOT handling this case at all could be a legitimate reaction
// depending on circumstances.
}
When using DOMDocument, invalid HTML will throw warnings, we don't care on most cases.
When using PEAR's Mail, you'll get warnings about functions that shouldn't be called statically, that's because Mail supports PHP 4. These can be safely ignored.
When using unlink(), you suppress errors to prevent race conditions.
The most common place I have seen it used is for suppressing mysql errors when working with a db. Then the user checks the response instead and prints an appropriate error message.
Example
<?php
$link = #mysql_connect('localhost', 'mysql_user', 'mysql_password');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
mysql_close($link);
?>
I have also seen it used when working with ftps and sftps.
But I agree with you that I find its uses limited. If one ends up in a situation where one feels the need to use the #-sign at own produced code, I think it's time to rethink the solution.
I have seen some code do this:
if(something){
echo 'exit from program';
die;
}
...more code
And others that just use die:
if(something) die('exit from program');
...more code
Is there any inherent difference in when it would end the program, should I be aware of the code that comes after it? etcetera
UPDATE
I am asking mainly, if it is a coding style, or if there is a real reason why some is coded one way versus another. I am not asking what the difference between exit and die is.
No, there is no difference; they will both write "exit" to STDOUT and terminate the program.
I would prefer the die("exit") method as it's less typing, easier to comment out and semantically clearer.
As far as "speed", why would you care which is faster? Do you need your program to die really quickly?
RE: Your update
... any inherent difference in when it would end the program ...
There is no difference, inherent or otherwise. They're identical. The second option, die('exit'), is a single statement, and so requires no braces when used with an if statement; this has nothing to do with the die and everything to do with blocks and flow control in C-style languages.
RE: Your comment/second update
Which way you die is a matter of personal preference. As I said, they are identical. I would choose the 2nd option for the reasons listed above: Shorter, clearer, cleaner, which amounts to "better" in my opinion.
The difference between exit and die is that exit allows you to return a non-zero status, while die returns 0. Neither function is "better", they serve different purposes.
no difference.
And why asking for speed difference since you're dieing.
There IS a difference guys. DIE() can be used with other failable functions whereas echoing would need to caught as an error or exception.
$query = mysql_query("SELECT * FROM tablename") OR DIE(mysql_error());
Gives you an immediate catch/die sequence.
For the specific example you posted they are equal, since the $status is a string, but as the manual says this may not always be the case:
If status is a string, this function
prints the status just before exiting.
If status is an integer, that value
will be used as the exit status and
not printed. Exit statuses should be
in the range 0 to 254, the exit status
255 is reserved by PHP and shall not
be used. The status 0 is used to
terminate the program successfully.
So if instead of 'exit from program' you wanted to output, say 42 you would really need to do:
echo 42; die();
The language constructs exit() and die() are equivalent, at least according to the PHP manual. I use exit() when that line should be reached and I want the script to stop at that point. Die() on the other hand is for situations that should not occur. That's just what feels most natural for me, you don't have to agree.
Mostly it's coding style. However, if you are outputting debug messages, echo then die is better:
echo "The frobnuticator blew up!";
die;
becomes
//echo "The frobnusticator blew up!";
die;
Of course, you'd most likely have
if ($debug) echo "The frobnusticator blew up!";
die;
Which is much easier on (my|the) eye than
die($debug?"The frobnusticator blew up!":"");
From php manual :
Note: This language construct is equivalent to die().
But still there are difference between die and exit :
Using die() you can post a string : die("An error occurred");
Same result with using exit()
<?php
echo("An error occurred <br>");
exit(0);
?>
OR if you are cli or unix shell :
Using PHP on the command line, die("An error occurred") simply prints "An error occurred" to STDOUT and terminates the program with a normal exit code of 0.
<?php
fwrite(STDERR, "An error occurred \n");
exit(0); //
?>
I am currently refactoring some code for work and I have come across some function calls prefixed by the "#" symbol. As I understand it, this is intended to escape PHP error reporting if the call fails.
Is this type of thing good practice? I understand the rationale in a development environment but when the site is pushed to production shouldn't all errors be handled properly rather than just escaped?
The use of this symbol would therefore mean that the developer has to sort through the code at a later stage to remove all error reporting escapes.
I am unsure whether to remove these symbols and just find a better way to handle potential errors or not.
For clarity, the function this was used on was the native PHP fsockopen() function.
That's probably among the worst practices you can come across in php code. It basically tells the interpreter to suppress errors and just try to do whatever the code asks it to do regardless of the outcome.
A great way to drag yourself and fellow teammates into all-nighter phantom bug hunts once the app has grown substantially.
Try-catch with custom exception handling is the way to go.
I think it is sometimes understandable to use # for calling functions like fsockopen(), because when they fail they will raise a warning as well as returning false.
There may be cases where you expect these calls to fail regularly and therefore do not want a warning to be raised. Obviously you shouldn't be displaying warnings in production and should be logging them instead, but you might still want to use the # operator to stop your logs getting full. You could stop warnings getting reported at all by changing the error_reporting setting but that is not ideal.
That's called the error control operator, and is generally a very scary thing to consider using. A warning from the manual (the emboldening is mine):
Currently the "#" error-control
operator prefix will even disable
error reporting for critical errors
that will terminate script execution.
Among other things, this means that if
you use "#" to suppress errors from a
certain function and either it isn't
available or has been mistyped, the
script will die right there with no
indication as to why.
Using the "#" operator is very useful when you know that the function call can fail, like, for example, the fsockopen call. Best practice is to use this only when the function you are calling often fails and is a valid case in your application. Also, you should definitely check the return value of the function after calling it:
$fp = #fsockopen($hostname, $port);
if ($fp === false) {
// handle connection failure
}
else {
// handle connection success
}
You should avoid two things:
Not checking the return value;
Using the "#" operator where you don't expect an error -- for example when opening a local file or sending headers. When opening a local file fails, that is an error and it should be handled properly.
Note: you might also want to look at set_error_handler()
if you use your custom error-handlers, the # operator will not help you,
you will always get error-events from situations where your are handling the "Warning" in your code ... like at fsockopen etc.
so you can simple suppress effectively the warning this way:
function renameWithOutExpectedAndSelfHandledErrors( ... ) {
set_error_handler(function(){}); // deactivate all errors
$result = rename('not existing','blafussel');
restore_error_handler(); // restore old error-situation
return $result;
}