Any way to mask a "Fatal Error" on a REST API and instead give a user-friendly error message?

Question

I'm working on a REST API that I can use on my current and future projects for the Company. I'm not new in PHP but my knowledge of it is also not that much.

So currently, I'm trying to simulate a possible error both when an invalid query or a non-existing function is being called. I've tried several snippets such as here, here, here, and here - but none of them worked for me. It still throws a generic error that shows the entire stack trace, a portion of the query where the error occurred, file and line number of where the error was encountered. I know and I have read that Fatal Errors are not supposed to be caught by any try/catch block even with Throwable Exceptions but I would still rather not throw such information that could lead to a possible security vulnerability.

Below is a sample of the Fatal Error message I encountered that the try/catch block was not able to record:

<br />
<b>Fatal error</b>: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1305 FUNCTION
test_api_db.VERSIONs does not exist in C:\xampp\htdocs\my-api\app\services\v1\test\test_1_route.service.php:29
Stack trace:
#0 [internal function]: PDOStatement-&gt;execute()
#1 [internal function]: Phalcon\Db\Adapter\Pdo-&gt;executePrepared(Object(PDOStatement), Array, Array)
#2 [internal function]: Phalcon\Db\Adapter\Pdo-&gt;query('SELECT VERSIONs...', NULL, NULL)
#3 [internal function]: Phalcon\Db\Adapter-&gt;fetchOne('SELECT VERSIONs...', 4, NULL)
#4 C:\xampp\htdocs\my-api\app\services\v1\test\test_1_route.service.php(29):
Phalcon\Db\Adapter-&gt;fetchColumn('SELECT VERSIONs...')
#5 C:\xampp\htdocs\my-api\app\routes\v1\test\test_1_route.php(57):
myAPI\App\Services\v1\Test\Test1RouteService-&gt;GetDbVersion()
#6 [internal function]: Closure-&gt;myAPI\App\Routes\v1\Test\{closure}()
#7 C:\xampp\htdocs\my-api\index.php(55): Phalcon\Mvc\Micro-&gt;handle()
#8 {main}
thrown in <b>C:\xampp\htdocs\my-api\app\services\v1\test\test_1_route.service.php</b    on line <b>29</b><br />
Error#Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1305 FUNCTION test_api_db.VERSIONs does not exist in C:\xampp\htdocs\my-api\app\services\v1\test\test_1_route.service.php:29
Stack trace:
#0 [internal function]: PDOStatement->execute()
#1 [internal function]: Phalcon\Db\Adapter\Pdo->executePrepared(Object(PDOStatement), Array, Array)
#2 [internal function]: Phalcon\Db\Adapter\Pdo->query('SELECT VERSIONs...', NULL, NULL)
#3 [internal function]: Phalcon\Db\Adapter->fetchOne('SELECT VERSIONs...', 4, NULL)
#4 C:\xampp\htdocs\my-api\app\services\v1\test\test_1_route.service.php(29): Phalcon\Db\Adapter->fetchColumn('SELECT VERSIONs...')
#5 C:\xampp\htdocs\my-api\app\routes\v1\test\test_1_route.php(57): myAPI\App\Services\v1\Test\Test1RouteService->GetDbVersion()
#6 [internal function]: Closure->myAPI\App\Routes\v1\Test\{closure}()
#7 C:\xampp\htdocs\my-api\index.php(55): Phalcon\Mvc\Micro->handle()
#8 {main}
  thrown<br>Line#29<br>File#C:\xampp\htdocs\my-api\app\services\v1\test\test_1_route.service.php<br>

If it helps, I'm using PhalconPHP (3.4.3) on PHP (7.3.0) as it provides me all the things I need to start working on an API with what little knowledge I have.

Answer 1

Fatal errors in php 7.x are not Exceptions but they're instances of Throwable.

Instead of catching Exception you can catch Throwable and return an error message.