I'm getting mixed signals. The warning in the PDO documentation seems pretty clear that omitting the try-catch could compromise security. However, this thread suggests that it's not really necessary. In my opinion, it would be pretty annoying to wrap every query in a try-catch. Any advice on how to handle this?
You should have a try/catch around any statement that might throw an exception that you can reasonably handle. By reasonably handling, I mean logging, cleanly closing down the application, sending an email, fixing the problem if possible, alerting the user, adding information to the exception and rethrowing, etc.
The primary method of handling exceptions in PHP is the try-catch. In a nutshell, the try-catch is a code block that can be used to deal with thrown exceptions without interrupting program execution. In other words, you can "try" to execute a block of code, and "catch" any PHP exceptions that are thrown.
PDO will simply set the error code for you to inspect using the PDO::errorCode() and PDO::errorInfo() methods on both the statement and database objects; if the error resulted from a call on a statement object, you would invoke the PDOStatement::errorCode() or PDOStatement::errorInfo() method on that object.
There is a security risk, but you don't need to add try/catch everywhere. The risk is that if you don't catch an exception then the error message from the exception (which could contain sensitive information) might be shown to users.
But as the documentation states, you can instead add an exception handler. By redirecting to a generic error message, you can avoid showing sensitive information from error messages to your users.
Setting a generic error handler would seem like a very sensible thing to do in any case. You don't want to be showing your users cryptic error messages. Even if you do go with the "try/catch everything" approach, it's difficult to be 100% sure that you've caught every possible exception that could occur, so the exception handler should still be used as a fallback.
PDO has three configurable error modes. The default is just to set an error code, not throw an exception.
However, you should use PDO::ERRMODE_EXCEPTION. The way PHP and PDO normally handle errors (i.e., to silently press on with the code and do the wrong thing without telling you) is absolutely crazy and a big reason for PHP's horribleness.
If something goes wrong with your query, the right thing to do is stop execution and throw an exception so you have a clear traceback and can find and fix the problem.
Plus, it's much easier (i.e., less "annoying") to use try-catch than it is to check errorCode and errorInfo after every single query. You should only use try-catch if you expect the possibility of the error and can do something about it--otherwise you should just let the exception bubble up. If it is an unexpected error, it's probably from a bug in your code and you should know about it via the exception so you can fix it!
If you want to do something special with reporting the exception (e.g. pretty-print it, send you an email, whatever), then register a default exception handler to take care of any uncaught exceptions. On a production system you should register a default exception handler that displays a generic 500 page and is light on error details, and log the full traceback somewhere else for debugging.
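The approach described in the answers above, as an added example that is not part of the original thread: PDO::ERRMODE_EXCEPTION, a try-catch only around a failure the code can actually handle, and a default exception handler that logs the detail and shows a generic message. The in-memory SQLite DSN, the `users` table and the `addUser()` helper are assumptions made so the script is self-contained.

```php
<?php
declare(strict_types=1);

// Keep raw error text out of responses; it goes to the server log instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Fallback for anything no try/catch handled: full detail to the log, nothing sensitive to the user.
set_exception_handler(function (Throwable $e): void {
    $ref = bin2hex(random_bytes(4)); // correlation id: shown to the user, written to the log
    error_log(sprintf("[%s] %s: %s in %s:%d\n%s",
        $ref, get_class($e), $e->getMessage(), $e->getFile(), $e->getLine(),
        $e->getTraceAsString()));
    if (PHP_SAPI !== 'cli' && !headers_sent()) {
        http_response_code(500);
        header('Content-Type: text/plain; charset=utf-8');
    }
    echo "Something went wrong. Reference: $ref\n";
});

// Constructed DSN (assumption): in-memory SQLite, so no database server is needed.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, // throw instead of silently setting an error code
]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE NOT NULL)');

// Hypothetical helper: a duplicate email is expected and recoverable, so it is caught here.
function addUser(PDO $pdo, string $email): bool
{
    try {
        $pdo->prepare('INSERT INTO users (email) VALUES (?)')->execute([$email]);
        return true;
    } catch (PDOException $e) {
        if ((string) $e->getCode() === '23000') { // SQLSTATE class 23: integrity constraint violation
            return false;
        }
        throw $e; // anything else is unexpected: let it bubble up to the handler
    }
}

var_dump(addUser($pdo, 'a@example.com')); // first insert succeeds
var_dump(addUser($pdo, 'a@example.com')); // duplicate is handled locally, no exception escapes

// Unexpected failure (misspelled table name): not caught here, so the handler above runs.
$pdo->query('SELECT * FROM userz');
```

The user sees only the generic line and the reference id; the SQL error text and stack trace appear only in the PHP error log under the same id.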