Why is 'mysqli_query() or die()' a Bad Practice, and What are Better Alternatives?

The Perils of "Mysqli or Die": Alternative Error Handling in PHP

When using the mysqli extension to interact with MySQL databases, it is common practice to employ the 'or die' construct to handle errors. However, this approach poses several drawbacks that warrant exploration.

Why "Or Die" Should Pass Away?

• Exposure of System Internals: 'Or die' displays sensitive system messages, potentially exposing vulnerabilities to malicious users.
• User Confusion: Error messages can be cryptic, frustrating casual users with no technical expertise.
• Script Termination: 'Or die' abruptly terminates script execution, disrupting user experience and hindering error analysis.
• Lack of Recoverability: Unlike exceptions, 'or die' offers no opportunity for graceful recovery or error logging.
• Missing Error Location: 'Or die' doesn't provide any indication of the line causing the error, making it tedious to debug.

Alternatives to "Or Die"

Instead of relying on 'or die,' it is highly recommended to configure mysqli to throw exceptions on error. This can be achieved with the following code:

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

Subsequently, MySQL commands can be executed without any additional code:

$result = mysqli_query($link, $sql);

Exception Handling

When an exception occurs, it can be caught and handled appropriately. For example:

try {
    $result = mysqli_query($link, $sql);
} catch (mysqli_sql_exception $e) {
    // Log the error in a custom table or file
    log_error($e->getMessage());
}

Custom Error Logging

In addition to exception handling, it is desirable to establish a customized error logging system. This allows for logging errors in a dedicated table or file, providing a centralized repository for troubleshooting. The log function can be implemented as follows:

function log_error($message) {
    // Connect to the error logging table database
    $error_conn = connect_to_error_logging_db();

    // Insert the error message into the error logging table
    $query = "INSERT INTO error_log (message, timestamp) VALUES ('$message', NOW())";
    mysqli_query($error_conn, $query);

    // Close the error logging database connection
    mysqli_close($error_conn);
}

The above is the detailed content of Why is 'mysqli_query() or die()' a Bad Practice, and What are Better Alternatives?. For more information, please follow other related articles on the PHP Chinese website!