While developing my website I use mysql_error() to display errors so I know how to fix them.
My question is... when the website goes live, how should I handle the errors, because I do not want the user to see the errors but instead see a user friendly message like "Oops, something went wrong".
Firstly, I'd strongly recommend moving from the deprecated mysql_ functions to either one of the MySQLi or PDO classes. Both are far more secure, and being maintained for current and foreseeable future versions of PHP.
Some possible solutions to displaying an error could be:
$sql = new mysqli($host, $user, $password, $database);
$query = //your query
//Option 1
$result = $sql->query($query) or die("Something has gone wrong! ".$sql->errorno);
//If the query fails, kill the script and print out a user friendly error as well
//as an error number for them to quote to admins if the error continues to occur,
//helpful for debugging for you, and easier for users to understand
//Option 2
$result = $sql->query($query);
if($result) {
//if the query ran ok, do stuff
} else {
echo "Something has gone wrong! ".$sql->errorno;
//if it didn't, echo the error message
}
You could also use the PHP error_log function to put a new error into the error log which could contain the full $sql->error details for admins to view, and completely skip the $sql->errorno printout. For more info on error logging, check the PHP Docs
Normally you want to log these errors in a live enviroment (meaning, you write the error message and some further infromation like time, ip, .. to a file) On the userside you should also provide the User some feedback, so print a nice error message so that the user knows that something went wrong.
Just use Google to find some Logger-libraries. Mostly, they can be configured to change behaviour in live and development enviroment! You might also have a look at: https://www.php-fig.org/psr/psr-3/
While developing your website, you should not use mysql_error(), because you should not use any of the mysql_* functions, because they are deprecated.
The most basic error handling is to throw an Exception. The exception handler should log the error message along with a stack trace and output an error page.
What you need is to handle the answer you receive from the SQL query. Like if success or if error. Like this:
<?php
$response = 0;
$con=mysqli_connect("localhost","my_user","my_password","my_db");
// Check connection
if (mysqli_connect_errno()){
$response = "Failed to connect to MySQL: " . mysqli_connect_error();
}
// Perform a query, check for error
if (!mysqli_query($con,"INSERT INTO Persons (FirstName) VALUES ('Glenn')")){
$response = "Error description: " . mysqli_error($con);
}
mysqli_close($con);
echo $response;
?>
Then in your Frontend side, you can give a format to your response, with a jQuery plugin, or some framework. I recommend to use: jquery confirm. References: https://www.w3schools.com/php/func_mysqli_error.asp https://craftpip.github.io/jquery-confirm/
If you want to handle the specific error, try it by detecting the exactly error number code. https://dev.mysql.com/doc/refman/5.5/en/server-error-reference.html https://www.php.net/manual/es/mysqli.errno.php
You can use:
if (mysqli_error($conn)) {
$error = 'Oops something went wrong!';
}
echo $error;
The $conn stands for the database connection through which the query was carried out.
