SitePoint Sponsor

User Tag List

Results 1 to 7 of 7
  1. #1
    SitePoint Member
    Join Date
    Feb 2011
    Posts
    17
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    It is safe to print what a function returns?

    I have a function that returns 1 if its all ok, and if there is any error it returns the error, that I will print.

    PHP Code:
      $do_function = function();
                                                                                   
      if (
    $do_function == 1) { 
        
    // Its OK
      
    } else { 
        
    $errors[] = $do_function
        
    // Then I will print the errors
      

    I'm worried that the function may return some critical information due to an unanticipated error or something, of course I did not put any return with information the user should not see.

  2. #2
    SitePoint Evangelist captainccs's Avatar
    Join Date
    Mar 2004
    Location
    Caracas, Venezuela
    Posts
    516
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by llnitoll View Post
    I'm worried that the function may return some critical information due to an unanticipated error or something, of course I did not put any return with information the user should not see.
    Yes, exactly! On a production server you should log the errors and not display them on the screen.

    The problem is how to notify the administrator/webmaster of fatal errors. To solve this problem I created The Ultimate PHP Error Reporter and recently updated it with Reporting Error 500 with phpErrorReporter.php
    Denny Schlesinger
    web services

  3. #3
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    4,826
    Mentioned
    142 Post(s)
    Tagged
    0 Thread(s)
    The term error is vague.

    Are we talking errors (in that PHP generated an error, or an error occurred processing a SQL statement, etc) or are we talking a validation error, meaning, the user forgot to fill out the Name on the form, or the Quantity, etc.

    The first should be hidden from the user and logged to an error report, but latter should be displayed to the end user.
    Be sure to congratulate xMog on earning April's Member of the Month
    Go ahead and blame me, I still won't lose any sleep over it
    My Blog | My Technical Notes

  4. #4
    SitePoint Evangelist captainccs's Avatar
    Join Date
    Mar 2004
    Location
    Caracas, Venezuela
    Posts
    516
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by cpradio View Post
    The term error is vague.

    Are we talking errors (in that PHP generated an error, or an error occurred processing a SQL statement, etc) or are we talking a validation error, meaning, the user forgot to fill out the Name on the form, or the Quantity, etc.

    The first should be hidden from the user and logged to an error report, but latter should be displayed to the end user.
    Yes! Thank you for dotting the Is and crossing the Tees.

    But if the OP is worried about showing an error message it would seem that it's a message that users shouldn't normally see.
    Denny Schlesinger
    web services

  5. #5
    SitePoint Member
    Join Date
    Feb 2011
    Posts
    17
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by captainccs View Post
    Yes, exactly! On a production server you should log the errors and not display them on the screen.

    The problem is how to notify the administrator/webmaster of fatal errors. To solve this problem I created The Ultimate PHP Error Reporter and recently updated it with Reporting Error 500 with phpErrorReporter.php
    Quote Originally Posted by cpradio View Post
    The term error is vague.

    Are we talking errors (in that PHP generated an error, or an error occurred processing a SQL statement, etc) or are we talking a validation error, meaning, the user forgot to fill out the Name on the form, or the Quantity, etc.

    The first should be hidden from the user and logged to an error report, but latter should be displayed to the end user.
    As I said: "I did not put any return with information the user should not see". I have an error handler for "mysqli_error" errors, an "error_log" document for PHP errors, an a console.txt for other things.
    All "returns" that the function have are strings like cpradio said, ex: "Introduce a username".

    I see it safe, but I don't know if in some case a function may return something no preset in a return, because as you can see in the first post everything returned will be printed, if its not a "1".

  6. #6
    SitePoint Evangelist captainccs's Avatar
    Join Date
    Mar 2004
    Location
    Caracas, Venezuela
    Posts
    516
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by llnitoll View Post
    I see it safe, but I don't know if in some case a function may return something no preset in a return, because as you can see in the first post everything returned will be printed, if its not a "1".
    The only way to find out is by examining the function. MySQL error messages do tend to give away too much information. The way to prevent it is to use custom error messages.

    You can set up test cases to force the function to give you the errors. Then you can replace the undesirable ones with custom ones.
    Denny Schlesinger
    web services

  7. #7
    SitePoint Member
    Join Date
    Feb 2011
    Posts
    17
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by captainccs View Post
    The only way to find out is by examining the function. MySQL error messages do tend to give away too much information. The way to prevent it is to use custom error messages.

    You can set up test cases to force the function to give you the errors. Then you can replace the undesirable ones with custom ones.
    I test it and the MySQL errors, are handled and printed in a document I can only see. The return errors of the function are custom like: return "Introduce a username";, as I said if its that what you mean.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •