40

If I use a bit of code like this: 

$update_result = mysqli_query( $link , $sql_update_login ) or die ('Unable to execute query. '. mysqli_error($link));

Does it have to die or can you put a different query afterwards? Like a predetermined function that writes a log of the error to another table? Such as:

$update_result = mysqli_query( $link , $sql_update_login ) or function('$query, $error);

What are the other options after 'or'? I haven't found it in the documentation, any clues are appreciated.

Maelish
  • 1,600
  • 4
  • 18
  • 25
  • If you want to execute the function on *success* of the previous query, use `and` instead of `or`. – mario Mar 10 '13 at 03:00
  • Sure you can call a function after the `or` (it is an operator, as Blender says below). Defining one as you appear to be doing, though, isn’t really possible or meaningful. – Ry- Mar 10 '13 at 03:02

4 Answers4

87

Does it have to die

Quite contrary, it shouldn't or die() ever.
PHP is a language of bad heredity. Very bad heredity. And or die() with error message is one of the worst rudiments:

  • die throws the error message out, revealing some system internals to the potential attacker
  • such error message confuses casual users, because they don't understand what does it mean
  • Besides, die kills the script in the middle, leaving users without familiar interface to work with, so they'd likely just drop out
  • it kills the script irrecoverably. While exceptions can be caught and gracefully handled
  • die() gives you no hint of where the error has been occurred. And in a relatively big application it will be quite a pain to find.

So, never use die() with MySQL errors, even for the temporary debugging: there are better ways.

Instead of manually checking for the error, just configure mysqli to throw exceptions on error, by adding the following line to your connection code

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

and after that just write every mysqli command as is, without any or die or anything else:

$result = mysqli_query($link, $sql);

This code will throw an exception in case of error and thus you will always be informed of every problem without a single line of extra code.

A more detailed explanation on how to make your error reporting production ready, uniform and overall sensible while making your code much cleaner, you can find in my article on PHP error reporting.

Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
  • 3
    Great explanation, just want to make one minor correction, **the precedence of `OR` in php is actually lower than `=`**, which is also why the assignment is assigned the return value of the first expression (which may be non-bool), and not the boolean resulting from the or-operation. Note that this is the only(?) difference between the `OR` and `||` operator. Try `$result = mysql_query(...) || die('error')` and you'll see that it wont work. – deadbeef Dec 12 '15 at 17:59
  • 1
    @deadbeef thank you for pointing out. It's a shame to confuse precedences after ranting in this very topic. Now it is corrected, can you please verify it? – Your Common Sense Dec 13 '15 at 15:23
  • 1
    Just saw this answer, while looking for something else. `die;` is great and should be used whenever there is a hack, or just plain doing something like `header('LOCATION:https://www.ic3.gov'); die;`. It's also fine to `die;` if there is a connection failure. This is a horrible answer. – StackSlave Jul 25 '17 at 06:20
  • 5
    @StackSlave do not confuse the of die(), exit() usage here.. Your common Sense explains here that `or die()` used in this case exposes system information.. Your usage `header('LOCATION:https://www.ic3.gov'); die;` is in fact not exposing system information also a fact the die or exit is needed there for security as you should not trust the http client to respect the redirect and will follow it. – Raymond Nijland Jun 29 '19 at 16:50
  • I'm not suggesting information goes to ic3. I was just using that as a redirect after you test for a hack, like if someone is trying to send information to your web page with obvious violations as to how you would expect one or more regular expressions to be. So the hacker is trying to see if they can expose weakness *(even if you prevent)*. So that is just a redirect example using `die;`. Of course, it redirects them to ic3. What ic3 and your Browser Vendor does is beyond me. I should have made that more clear. Use `die;` all the time after a redirect. – StackSlave Jun 30 '19 at 08:30
  • @StackSlave just curious, can you tell a mysqli call from a redirect? – Your Common Sense Jun 30 '19 at 11:49
  • Answer says it shouldn't die ever. It's just not true at all. `die` is very useful. You wouldn't want malicious code executing the rest of your PHP script. It's taxing on the Server. Bad answer. To suppress errors use `@` or suppress errors through Sever Settings. – StackSlave Jul 03 '19 at 01:30
  • @StackSlave `You wouldn't want malicious code executing the rest of your PHP script`...and how would that happen, exactly? As per this answer, if you enable the automatic mysqli error handling with the command shown, it replaces the `or die` by _automatically crashing the application_ when any mysqli command fails. So it will never continue executing in that scenario. I think you misunderstood what's being proposed here. And suppressing errors is an even worse suggestion...that _does_ allow the code to continue being executed, even after something bad went wrong! – ADyson Sep 30 '22 at 12:14
8

or is just an operator (very similar to ||).

The or die() syntax works because or short-circuits, which means that if the first statement is true, True or X will always be true, so X isn't evaluated and your script doesn't die.

Kyle Challis
  • 981
  • 2
  • 12
  • 28
Blender
  • 289,723
  • 53
  • 439
  • 496
3

Yes, you can provide a different function after the (or). I have tested the following:

mysqli_query($sel_db,'what!') or some_func(mysqli_error($sel_db));

function some_func($str) {
    die("ERROR: ".$str);
}
kalaero
  • 174
  • 6
  • This just pointlessly redirects the output through an extra wrapper function, both adding nothing useful and failing to remove any of the flaws in the overall approach. – ADyson Sep 30 '22 at 12:19
-3

It doesn't have to be die() specifically, but it needs to be something that'll make the script halt by calling exit() or die(), or something that throws an exception. Otherwise, the script will continue with the return value of that function (which is probably either null or some sort of junk) in $update_result, which will almost certainly cause problems.