mysqli or die,它必须死吗?
如果我使用这样的代码:
If I use a bit of code like this:
$update_result = mysqli_query( $link , $sql_update_login ) or die ('Unable to execute query. '. mysqli_error($link));
它必须死掉还是你可以在之后提出不同的查询?就像将错误日志写入另一个表的预定函数一样?如:
Does it have to die or can you put a different query afterwards? Like a predetermined function that writes a log of the error to another table? Such as:
$update_result = mysqli_query( $link , $sql_update_login ) or function('$query, $error);
或"之后的其他选项是什么?我没有在文档中找到它,感谢任何线索.
What are the other options after 'or'? I haven't found it in the documentation, any clues are appreciated.
推荐答案
一定要死吗
恰恰相反,它不应该或 die()
永远.
PHP 是一种遗传不好的语言.非常不好的遗传.而 或 die()
带有错误消息是最糟糕的雏形之一:
Quite contrary, it shouldn't or die()
ever.
PHP is a language of bad heredity. Very bad heredity. And or die()
with an error message being one of the worst rudiments:
- die 抛出一条错误消息,向潜在的攻击者泄露一些系统内部信息
- 这会让无辜的用户因奇怪的消息而感到困惑,并让他们无法使用界面,因此他们很可能会退出.
- 它会杀死中间的脚本,因此可能会导致显示设计撕裂(或根本没有设计)(即用户请求的页面呈现不完整)
- 不可恢复地杀死脚本.虽然可以捕获并优雅地处理抛出的异常
die()
不会提示您发生错误的位置.而且在一个相对较大的应用程序中找到它会很痛苦.
- die throws an error message out, revealing some system internals to a potential attacker
- it is confusing innocent users with strange messages and leaving them no interface to work with, so they'd likely just drop out.
- it kills the script in the middle, so it may cause torn design (or no design at all) shown (i.e. an incomplete render of the page the user requested)
- killing the script irrecoverably. While thrown exception can be caught and gracefully handled
die()
gives you no hint of the place where the error occurred. And in a relatively big application it will be quite a pain to find.
所以,千万不要对 MySQL 错误使用 die()
,即使是临时调试:还有更好的方法.
So, never use die()
with MySQL errors, even for the temporary debugging: there are better ways.
无需手动检查错误,只需将 mysqli 配置为在错误时抛出异常,方法是将以下行添加到您的连接代码中
Instead of manually checking for the error, just configure mysqli to throw exceptions on error, by adding the following line to your connection code
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
然后按原样编写每个 mysqli 命令,没有任何 or die
或其他任何东西:
and after that just write every mysqli command as is, without any or die
or anything else:
$result = mysqli_query($link, $sql);
此代码将在出现错误时引发异常,因此您将始终被告知每个问题,而无需一行额外代码.
This code will throw an exception in case of error and thus you will always be informed of every problem without a single line of extra code.
有关如何使您的错误报告生产就绪、统一和整体合理的更详细说明,同时使您的代码更加简洁,您可以在我的文章中找到 PHP 错误报告.
A more detailed explanation on how to make your error reporting production ready, uniform and overall sensible while making your code much cleaner, you can find in my article on PHP error reporting.
相关文章