Storing an Error log in MySQL

Question

I want to store my the errors logs my PHP creates into a MySQL table, but nothing is being inserted into it.

the code I'm using for the error log is..

function myHandler($code, $msg, $file, $line) 
   {
      echo "An error occurred while processing your request. Please visit our site and try again.";  
      // log error to file, with context
      $logData = date("d-M-Y h:i:s", mktime()) . ", $code, $msg, $line, $file\n";
      die("Error");
   }

with the lines

$insert = "INSERT INTO error_logs (error_message)"."VALUES ('$logData')";   
mysql_query($insert)or die();

to insert the log into the error_message column in the error_logs table which is set to VARCHAR with 250 character cap

I assumed it'd just set a something in there, but apparently I'm way off the mark.

No. Please **DO NOT** use `mysql_query` in new applications. You simply cannot sling arbitrary text content into the query and expect it to work without [proper SQL escaping](http://bobby-tables.com/php). For your own health and well-being, please use [PDO](http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/) to handle your database calls. — tadman, Dec 05 '12 at 20:35
Do you get an error? Change `die()` to `die(mysql_error())`. Also, you may need a space between `(error_message)` and `VALUES` — imkingdavid, Dec 05 '12 at 20:36
@tadman I think you _meant_ to say: [**Please, don't use `mysql_*` functions in new code**](http://bit.ly/phpmsql). They are no longer maintained and the [deprecation process](http://j.mp/Rj2iVR) has begun on it. See the [**red box**](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ). ^_^ — Naftali, Dec 05 '12 at 20:36
Pushing logs into a database really does not improve things. What if your database goes down? What if the missing database is the only reason your application does not work? Logging to the filesystem is way easier. Logging to a dedicated logging system (see "logstash" or "greylog 2") is more convenient for browsing. — Sven, Dec 05 '12 at 20:38
@Sven error logging to database >> error logging error logging to database >> error logging error logging error logging to database >> ... \*death spiral to stack overflow\* — Sammitch, Dec 05 '12 at 21:18

score 2 · Answer 1 · edited May 25 '19 at 14:48

2

You insert statement could parse to:

INSERT INTO error_logs (error_message) VALUES ('foo')

Which is invalid.

Make sure to put that space in there.

You might want to put the MySQL error statement into the die(..) so you can better see the error next time.

Also – please please please escape your data before inputting it into a statement.... The way you are doing it now can lead some big Bobby Tables issues...

Please, don't use mysql_* functions in new code. They are no longer maintained and the deprecation process has begun on it. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

edited May 25 '19 at 14:48

Zoe

27,060
21
118
148

answered Dec 05 '12 at 20:38

Naftali

144,921
39
244
303

Escape it or it's not a valid answer. SQL injection is not cool. – tadman Dec 05 '12 at 20:39
I bet FarmerG will find a better way to use MySql statements through php, anyway @Neal's wright: FarmerG missed a space. – luchosrock Dec 05 '12 at 20:42
You should either use placeholders in your answer as a carrot-on-stick approack to PDOifying this answer, or staple in the usual `mysql_real_escape_string` so that this answer is at least not hazardous to your health. – tadman Dec 05 '12 at 20:42
Technically that'd be safe to put in production, so sure. – tadman Dec 05 '12 at 21:19

Storing an Error log in MySQL

1 Answers1