PDOException : get the bad query with exception handler

**Toby A Inkster** · Feb 19 '07, 01:15 PM

Re: PDOException : get the bad query with exception handler

Tonio wrote:

I got and an exception handler, and I want, for each PDOException
throwned, to get the whole query which didn't works.

Not from the exception itself, no.

$exception->errorInfo[2] has some useful info, but its contents are
engine-specific, so may or may not contain the original SQL query
that triggered the error.

Why do you want to know the offending SQL query anyway? If you report
it back to the user, it could reveal a vulnerability in your code,
which could be used by a malicious user as a weak point to break into.

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
Geek of ~ HTML/SQL/Perl/PHP/Python*/Apache/Linux

* = I'm getting there!

**Captain Paralytic** · Feb 19 '07, 02:05 PM

Re: PDOException : get the bad query with exception handler

On 19 Feb, 12:58, Toby A Inkster <usenet200...@t obyinkster.co.u k>
wrote:

Why do you want to know the offending SQL query anyway? If you report
it back to the user, it could reveal a vulnerability in your code,
which could be used by a malicious user as a weak point to break into.

Maybe he wants to log it somewhere.

**Tonio** · Feb 20 '07, 02:05 PM

Re: PDOException : get the bad query with exception handler

Maybe he wants to log it somewhere.

That's it ! :)

**Tonio** · Feb 20 '07, 02:45 PM

Re: PDOException : get the bad query with exception handler

So, what I do :

I extend Pdo and keep the last query in a static variable, kept up-to-
date by extending the query,and prepare method. (At minimum ;))
That is logged by the exceptionHandle r when an error occurs.

Sorry for this horrible english ;)

Tonio

**Toby A Inkster** · Feb 20 '07, 04:05 PM

Re: PDOException : get the bad query with exception handler

Tonio wrote:

>Maybe he wants to log it somewhere.

>
That's it !

My only advice then would be to try extending PDO itself:

class MyPDO extends PDO
{
function query ($q)
{
try
{
return parent::query($ q);
}
catch (PDOException $e)
{
$e->errorInfo[999] = $q;
throw $e;
}
}
function exec ($q)
{
try
{
return parent::exec($q );
}
catch (PDOException $e)
{
$e->errorInfo[999] = $q;
throw $e;
}
}
}

Then instead of using PDO, use MyPDO instead. When a PDOException is
thrown, you will now be able to inspect $e->errorInfo[999] to find the
cause of the error.

If you use prepared statements (and it is generally a good idea to do so!)
then you will also want to extend PDO->prepare() and PDOStatement->execute().
The only problem I forsee with that is a possible difficulty in cajoling
MyPDO->prepare() to return a MyPDOStatement object instead of a PDOStatement
object.

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
Geek of ~ HTML/SQL/Perl/PHP/Python*/Apache/Linux

* = I'm getting there!

**Tonio** · Feb 21 '07, 10:55 AM

Re: PDOException : get the bad query with exception handler

Humm, good idea, nicer as mine !

Thanks a lot !

PDOException : get the bad query with exception handler

PDOException : get the bad query with exception handler

Comment

Comment

Comment

Comment

Comment

Comment