Error Handling on a PHP Website

Can someone help me in the right direction on how to implement and at what stage should I add error handling code?

Web site:
a social network such as LinkedIn. MySQL platform and PHP CodeIgniter. Requirement: 3 cases for errors:

  • Front end, for example, http codes. In this case, the user is redirected to the std message page. There is nothing to capture in a DB.

  • The second case is errors at the rear end, for example, if the server takes too much time, writing errors to the database, other database problems, code breaks, etc. It is expected that the user in all these cases will see only a window with an error message, someone was notified, try again later. Like on Facebook, except Facebook, there is another error text based on the type of error.

  • The third type of error is associated with the session: cookies that were violated during the session, and timeouts that occur in this case, display a login window.

My question is:

  • In order to fix all the various errors that relate to case 2, can this be done at the same time that development is underway, or should developers return to the error trap at the end of the project for each entry, a point in the code that can amount to millions of lines of code?

  • My team tells me that they do not know all the possible cases where an error can occur in case 2 before the completion of the entire development. But I maintain that the handling error code does not matter at all. The only addition to the code is a suggestion on catching errors for the category of errors that we want to capture, and an error message for explode, if different, which can be added at any time, but the main error code is the same, so it can be written even before start development?

  • How can I find everything possible or catch for all possible cases, an error can occur in case 2, where there may be hundreds of cases associated with something to explode at any level or errors in reading / writing a database, etc. Do we need a separate code for each or a common code that catches everything?

My developers are also new, and therefore I don't think that anyone knows exactly when and how to approach error handling on the site. If an error occurs on the system's backend, an email will be sent to the administrator, and I will create an error tracking system so that we can track problems in the automatic backend with status, type, notes, etc.

+4
source share
2 answers

1. To capture all the various errors that relate to Case 2, can this be done at the same time while development is underway, or should developers go back and add an error at the end of the project at each entry point in the code, which can be millions of lines of code?

Both, but, as a rule, are needed only during development. In fact, it is important to determine what types of errors can occur in each line of code (especially if you capture data from external or database sources), so you need to consider everything at every step. To help insert handling of special cases after everything is already in place, the error handling game begins here. Just pay attention to what error levels will never cause your custom error handling. You may also be interested in the Exception class. Again, to simplify the insertion of handling special cases, only by making updates in fewer spots, add the Exception class to your own custom error object.

2. My team tells me that they do not know all the possible cases when an error can occur in case 2 until the development is complete. But I maintain that the handling error code does not matter at all. The only addition to the code is a suggestion on catching errors for the category of errors that we want to capture, and an error message for explode, if different, which can be added at any time, but the main error code is the same, so it can be written even before start development?

Kind of the same question as # 1. IMHO, you're right. And in some cases, they too. One developer really cannot know what types of errors the other developer code generates until they see the code or keep its final documentation.

3. How can I find everything possible or catch for all possible cases, an error may occur in case 2, where there may be hundreds of cases associated with something that happens at any level or errors in reading / writing a database, etc. Do you need a separate code for each or a common code that catches everything?

Again coming out of question # 1, using custom error handling functions or extending the Exception class (even making separate classes to handle database try / catches versus file access try / catches, etc.), this should help a lot. Say that you will discover a new possible error that the database may wipe. If you already have connection and query functions wrapped in try / catch blocks, you only need to add script processing to the extended Exception class, and not wherever your DB functions exist. For example, you might choose to just do something similar for all of your db connections. DB_Exception is, in this case, your extended version of Exception, which in itself can perform any number of troubleshooting tasks:

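    // DB_Exception is assumed to be defined elsewhere as a class extending Exception.
    function db_connect()
    {
        $MySQLi = new mysqli(DB_HOST, DB_USERNAME, DB_PW, DB_NAME, DB_PORT, DB_SOCKET);
        // On PHP 8.1+ mysqli throws mysqli_sql_exception by default, so these
        // checks are reached only when reporting is set to MYSQLI_REPORT_OFF.
        if ($MySQLi->connect_error) {
            throw new DB_Exception($MySQLi->connect_error);
        }
        if ($MySQLi->error) {
            throw new DB_Exception($MySQLi->error);
        }
        return $MySQLi;
    }

    try {
        $MySQLi = db_connect();
    } catch (DB_Exception $e) {
        // Stop with the canned message unless the exception repaired the problem itself.
        if (!$e->is_fixed_now) {
            die($e->special_message);
        }
    }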

You can also have an extended reference to the Exception class of the set of ready-made answers listed by the $code construction argument. But you really should not try to apply special error handling for every conceivable database error that you might get. This is much more efficient, and usually it's not just a burden, which in most cases simply captures the text of the MySQL error no matter what it may be, and redirects it to your administrators.

As for the text that you display to the user, it is better to always keep it simple and informative, giving absolutely nothing about the internal work of your site. Example: your database server crashed or someone mistakenly missed file permissions: all you have to say to the user: "Sorry, technical difficulties, this specific content is not available just now, our employees have been notified, please try again later . @ so.com or call support at 555-1212. " You can also make a canned message based on the Exception $code argument as above, but don't give anything, which will help in case of a website attack.

In addition, "On the system server, if an error occurs, an email will be sent to the administrator." This is actually not a good idea. The user can simply sit there, showing the update again and again, until he magically starts working again. You can easily get into the email storm. One possible solution is to run a 10-minute test of cron to see if the error log has been changed in the last 10 minutes, and instead send a summary of the new log entries. Or, if you have a ticket system for errors, in case of a script error, open it only if an open ticket on this topic does not exist.

+3
source
  • Corresponding error pages should be provided for the HTTP errors that you expect to generate. These pages should contain minimal information about what the error is and indicate the appropriate repeat / follow-up actions for the user. More importantly, another reference to safe areas.
  • A complete list will become known as development progress. This is normal for any construction process. Any actions that cannot be fixed in the code should be handled by the page generation code. They can be processed by logging and creating the corresponding HTTP error page (already done in processing 1.). It would be advisable to handle the error by class, rather than the specific conditions of the error. The actual state of the error should not be reported to the user if the user cannot correct it himself.
  • Use a common catch code for all errors and respond with an error class. In many / most cases, you need to create a stack trace in the error log. Create the appropriate HTTP error code to display. Review the HTTP specification for the relevant HTTP responses.
  • Form validation is a separate category and must be handled appropriately during input validation. This should result in a rediscovery of the page with the corresponding built-in error messages.
0
source
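
The two answers above both recommend one common catch point that responds by error class, logs the detail, shows the user a generic message, and avoids an alert per page refresh. The following is an added example of that pattern, not code from either answer or from CodeIgniter; AppException, DbException, SessionException, notify_once(), handle_uncaught() and the temp-directory marker files are hypothetical names and assumptions, and the final throw is a constructed sample error.

```php
<?php
// Added example. AppException, DbException, SessionException, notify_once()
// and handle_uncaught() are hypothetical names, not CodeIgniter APIs.
class AppException extends Exception
{
    public int $httpStatus = 500;
    public string $userMessage = 'Sorry, technical difficulties. Our staff have been notified; please try again later.';
}
class DbException extends AppException {}       // case 2: back-end failure
class SessionException extends AppException     // case 3: send the user to login
{
    public int $httpStatus = 401;
    public string $userMessage = 'Your session has expired. Please log in again.';
}

// At most one alert per error fingerprint per window, so a user hammering
// refresh yields one notification instead of an email storm.
function notify_once(Throwable $e, string $dir, int $window = 600): bool
{
    $marker = $dir . '/alert-' . sha1(get_class($e) . '|' . $e->getFile() . '|' . $e->getLine());
    if (is_file($marker) && time() - filemtime($marker) < $window) {
        return false;                            // already reported recently
    }
    touch($marker);
    return true;                                 // caller mails or opens a ticket
}

// Single catch-all: full detail and stack trace go to the log; the browser
// gets only the class-level message and status code.
function handle_uncaught(Throwable $e): void
{
    error_log(sprintf("[%s] %s in %s:%d\n%s", get_class($e), $e->getMessage(),
        $e->getFile(), $e->getLine(), $e->getTraceAsString()));
    if (notify_once($e, sys_get_temp_dir())) {
        error_log('ALERT queued for ' . get_class($e));  // stand-in for mail/ticket
    }
    $app = $e instanceof AppException ? $e : new AppException();
    if (!headers_sent()) {
        http_response_code($app->httpStatus);
    }
    echo htmlspecialchars($app->userMessage, ENT_QUOTES, 'UTF-8');
}

// Turn warnings and notices into exceptions so they reach the same handler.
set_error_handler(function (int $no, string $msg, string $file, int $line): bool {
    if (!(error_reporting() & $no)) { return false; }
    throw new ErrorException($msg, 0, $no, $file, $line);
});
set_exception_handler('handle_uncaught');
throw new DbException('constructed sample: connection refused by db host');
```

A newly discovered failure type needs only a new AppException subclass with its own status and message; the handler and every existing throw site stay unchanged.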

Source: https://habr.com/ru/post/1332637/