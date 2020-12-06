There’s no good reason for your application code to try to handle a database statement error unless the visitor to your site can do something about correcting the error. The only errors a visitor to your site can do something about are when submitting duplicate or out of range data values for an insert or update query. In all other cases, telling a visitor that something they did caused a database statement error will only confuse them and if the visitor happens to be a hacker, telling them that something they did causes a specific type of error will only encourage them to do more of the same. Unconditionally outputting the raw database statement error will give hackers even more useful information (a connection error contains the database host/ip address, the connection username, if you are using a password or not, and web server path information.)

When you, as the programmer/developer, visit your site, you do want to see the raw database statement errors. The simple way of doing this is to use exceptions for errors and in most cases let php catch and handle the exception, where php will use its error relate settings to control what happens with the actual error information, in the form of an uncaught exception error (database statement errors will ‘automatically’ get displayed/logged the same as php errors.) The exception to this rule are for cases where the visitor can do something about the error, as stated above. In this case, your code should catch the exception, test if the error number is for something your code is designed to handle, setup and display a message for the visitor telling them exactly what was wrong with the data that they submitted. For all other error numbers, just re-throw the exception and let php handle it.

One of the great points of using exceptions is your main code will only ‘see’ error free execution, since execution transfers to the nearest correct type of exception handler upon an error.

The PDO connection always uses an exception for a connection error. You should set the PDO error mode to exceptions so that all other database statement errors (query, prepare, execute, exec, …) will also use exceptions.

Short version: use exceptions for all database statement errors and only use a try/catch block when your application/visitor can do something to correct a specific error. Keep It Simple (KISS.)

BTW - when you make the PDO connection, in addition to setting the error mode to exceptions, you should set emulated prepared queries to false, and set the default fetch mode to assoc.