Reference — frequently asked questions about PDO

后端 未结 3 2112
广开言路
广开言路 2020-11-21 05:17

What is this?

This is a list of frequently asked questions regarding PHP Data Objects

Why is this?

As PDO has some features unknown to a regular

3条回答
  •  梦如初夏
    2020-11-21 05:39

    PDO query fails but I can't see any errors. How to get an error message from PDO?

    To be able to see database errors, one have to set PDO errmode to exceptions. Exceptions are better than regular errors in many ways: they always contains a stack trace, they can be caught using try..catch or handled using dedicated error handler. And even unhandled, they act as regular PHP errors providing all the important information, following site-wide error reporting settings.

    Note that setting this mode as a connection option will let PDO throw exceptions on connection errors too, which is very important.
    So, here is an example for creating a PDO connection right way:

    $dsn = "mysql:host=$host;dbname=$db;charset=utf8";
    $opt = array(
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        // other options 
    );
    $pdo = new PDO($dsn, $user, $pass, $opt);
    

    Connecting this way, you will be always notified of all database errors, occurred during query execution. Note that you have to be able to see PHP errors in general. On a live site you have to peek into error logs, so, settings have to be

    error_reporting(E_ALL);
    ini_set('display_errors',0);
    ini_set('log_errors',1);
    

    while on a local development server it's ok to make errors on screen:

    error_reporting(E_ALL);
    ini_set('display_errors',1);
    

    and of course you should never ever use error suppression operator (@) in front of your PDO statements.

    Also, due to many bad examples telling you to wrap every PDO statement into try..catch block, I have to make a distinct note:

    DO NOT use try..catch operator just to echo an error message. Uncaught exception is already excellent for this purpose, as it will act just the same way as other PHP errors - so, you can define the behavior using site-wide settings - so, you will have your error message without this useless code. While unconditionally echoed error message may reveal some sensitive information to a potential attacker, yet confuse a honest visitor.

    • A custom exception handler could be added later, but not required. Especially for new users, it is recommended to use unhandled exceptions, as they are extremely informative, helpful and secure.
    • Use try..catch only if you are going to handle the error itself - say, to rollback a transaction.

提交回复
热议问题