Recommended:

  • phpclasses.org
  • jsclasses.org
  • jsmag.com
  • siteapps.com
  • View our reviews on Hot Scripts
  • JS Tutorial
  • scripts.com
  • securesignup.com




Recent Comments

Powered by Disqus




Back to articles

Collecting and debugging PHP and mysql errors

As you know it is advised to prevent showing PHP related error messages because of security issues. So how can you track if there are any errors in your script that might not only have effect on user experience, but also potentially create security holes for others to exploit.

The best way is to create custom handlers for errors. You can get them emailed to you right away, or store them in database and check them on daily basis.

For example, I'm administering more than 50 different websites, so I collect each website errors in their own databases, then once a day I run a script which collects all errors from all websites in one place, where I can easily manage them.

So how to collect all occurred errors and put them into database? This code snippet will help you do it.

First for mysql errors:

<?php
/*********************
 * Here is a function to handle mysql errors
 *   $type - you can define any type, or just use mysql, 
 *   to differ mysql errors from PHP errors
 *   $err - error text
 *   $context - in which context did error accure, for example, what query was executed
*********************/
function collect_mysql($type, $err, $context = ""){
    
    /****************************
    * You should use mysql_real_escape_string function to prevent data 
    * messing up your query
    * And gather all other information you can:
    *    $time - time when error occurred
    *    $script - which script was executed
    *    $request_uri -  exact url where error occurred
    *    $filename - filename where error occurred
    *    $line - on which line error occurred
    ****************************/
    $type = mysql_real_escape_string($type);
    $err = mysql_real_escape_string($err);
    $context = mysql_real_escape_string($context);
    $time= time();
    $script = mysql_real_escape_string($_SERVER["SCRIPT_NAME"]);
    $request_uri = mysql_real_escape_string($_SERVER["REQUEST_URI"]);
    $filename = mysql_real_escape_string(__FILE__);
    $line= __LINE__;
    
    //create query and store all errors in database
    //this is example query without all parameters
    $query = "INSERT INTO `error_collection` SET ...";
    mysql_query($query);
}

//and here is a usage or how you can collect them

$query = 'SELECT * FROM `table`';
mysql_query($query) or (collect_mysql("mysql", mysql_error(), $query));
?>

And this one is for PHP errors:

<?php
//set to report all errors if not done in php.ini
error_reporting(E_ALL);

//set to display errors if not done in php.ini
ini_set('display_errors', '1');

//set error handler using your defined callback function named collect_php
set_error_handler('collect_php');

/*********************
 * Here is a function to handle php errors
 *   $errno - error type, php error level
 *   $errstr - error text
 *   $errfile - in which file error occurred
 *   $errline - line on which error occurred
*********************/
function collect_php($errno, $errstr, $errfile, $errline){
    
    /***************************
     * As we want to save error information into database,  
     * we should use database connection,
     * but there are some errors that might occure  before connection is established
     * so we'll try to use global connection variable 
     * and check if connection already exists
     * if yes, we will use it, if no we'll establishe new connection
    ***************************/
    global $connect;
    if(!isset($connect))
    {
        $connect = mysql_connect("host", "usernam", "pass");
    }
    /****************************
    * You should use mysql_real_escape_string function to prevent 
    * data messing up your query
    * And gather all other information you can:
    *    $time - time when error occurred
    *    $script - which script was executed
    *    $request_uri -  exact url where error occurred
    ****************************/
    $errno = mysql_real_escape_string($errno);
    $errstr = mysql_real_escape_string($errstr);
    $errfile = mysql_real_escape_string($errfile);
    $errline = mysql_real_escape_string($errline);
    $time= time();
    $script = mysql_real_escape_string($_SERVER["SCRIPT_NAME"]);
    $request_uri = mysql_real_escape_string($_SERVER["REQUEST_URI"]);
    
    //create query and store all errors in database
    //this is example query without all parameters
    $query = "INSERT INTO `error_collection` SET ...";
    mysql_query($query, $connect);
    
    //return true so that PHP internal error handler won't be used
    return true;
}
/*****************************
 * Before defining new mysql connection, we should check if it already exists
 * because it is possible that error handler already established connection
*****************************/
if(!isset($connect))
{
    $connect = mysql_connect("host", "usernam", "pass");
}

?>

Now you can manipulate them as you want, by sending to email address, generating error reports, etc.


You may also be interested in:

Powered by BlogAlike.com

blog comments powered by Disqus