When should you prepare and execute using `try` and `catch` using PDO?

Tags: exception, php, pdo

I have been using PDO for a couple of years now but I have never fully researched when you should prepare and execute using try and catch.

My understanding is that you should use try and catch when data may contain user input.

So this code for example is safe:

```php
public function getDetails($filename, $what){
    $query = $this->handler->prepare('SELECT * FROM videos WHERE v_fileName = :v_fileName');
    try{
        $query->execute([
            ':v_fileName' => $filename
        ]);
    }catch(PDOException $e){
        return $e->getMessage();
    }
}
```

$filename in this example is something which comes from the URL.

When not getting anything from the URL, for example like this, it is also completely safe:

```php
$query = $this->handler->prepare('SELECT * FROM videos WHERE u_id = :u_id ORDER BY v_id LIMIT :climit,1');
$query->execute([
    ':u_id'     => $this->user->getChannelId($userid),
    ':climit'   => $optional[1]
]);

$fetch = $query->fetch(PDO::FETCH_ASSOC);
```

Is my understanding of preparing statements correct and if not, how should I do it?

Tom asked Apr 23 '26 15:04


1 Answer

Only when you have a very good reason to do so.

This doesn't apply to only PDO exceptions. The same goes for any exception. Only catch the exception if your code can recover from it and perform some other action instead.

Catching exceptions just to echo or return $e->getMessage(); is not a valid reason. Your code doesn't recover from the problem, you are just handicapping the exception.

A good example of when you might want to recover is if you are using database transactions and, in case of failure, you want to roll back and do something else. You can call PDO::rollBack() in your catch and then make your code perform some alternative logic.

Try-catch is not a security measure. It has nothing to do with user input. It is used only in situations when you expect your code to fail, but you have a plan B to handle the situation.

For more information, you can read "My PDO Statement doesn't work" and the article "PHP error reporting".

Dharman answered Apr 26 '26 04:04
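The distinction drawn in the answer above, as an added example that is not part of the original question or answer: the lookup binds its input and has no try/catch, while the transactional write catches only to roll back and run a plan B. The schema, the function `registerVideo` and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example. Schema and function names are hypothetical; SQLite in memory
// stands in for the real database.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);
$pdo->exec('CREATE TABLE videos (v_id INTEGER PRIMARY KEY, v_fileName TEXT NOT NULL UNIQUE)');
$pdo->exec('CREATE TABLE upload_log (v_fileName TEXT NOT NULL)');

// No try/catch: binding :v_fileName is what keeps URL input out of the SQL text.
// A PDOException here has no plan B, so it propagates to the application's error handler.
function getDetails(PDO $pdo, string $filename): ?array
{
    $query = $pdo->prepare('SELECT * FROM videos WHERE v_fileName = :v_fileName');
    $query->execute([':v_fileName' => $filename]);
    $row = $query->fetch();
    return $row === false ? null : $row;
}

// try/catch with a plan B: roll back, then return the row that already exists.
function registerVideo(PDO $pdo, string $filename): int
{
    $pdo->beginTransaction();
    try {
        $pdo->prepare('INSERT INTO upload_log (v_fileName) VALUES (?)')->execute([$filename]);
        $pdo->prepare('INSERT INTO videos (v_fileName) VALUES (?)')->execute([$filename]);
        $id = (int) $pdo->lastInsertId();
        $pdo->commit();
        return $id;
    } catch (PDOException $e) {
        $pdo->rollBack();                          // undo the upload_log row
        if ((string) $e->getCode() !== '23000') {  // SQLSTATE 23000: integrity constraint violation
            throw $e;                              // anything else is not recoverable here
        }
        return (int) getDetails($pdo, $filename)['v_id'];
    }
}

// Constructed sample input containing a quote character.
$first  = registerVideo($pdo, "it's-a-clip.mp4");
$second = registerVideo($pdo, "it's-a-clip.mp4");  // duplicate: recovered after rollback
$logged = (int) $pdo->query('SELECT COUNT(*) FROM upload_log')->fetchColumn();
var_dump($first === $second, $logged);
```

The duplicate call returns the same id as the first and leaves a single row in `upload_log`, because the rollback discarded the second log entry before the fallback lookup ran.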


