未捕获的 PDOException 显示用户名和密码 [英] Uncaught PDOException reveals username and password

问题描述

try {
    self::$dbinstance = new PDO(
        "mysql:host=$c[host];dbname=$c[dbname]", $c['user'], $c['password']
    );

    self::$dbinstance->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} 
catch(PDOException $e) {
    echo "Errors" . $e->getMessage();
}

在上面的代码中，如果 PDO 无法连接到主机，fatal error 会显示用户名和密码.

In the above code, if PDO fails to connect to the host, a fatal error reveals the username and password.

Uncaught exception 'PDOException' with message 'SQLSTATE[HY000] [2003]
Can't connect to MySQL server on '172.25.102.65' (10060)' in
D:xampphtdocsmytestwh_client_2.1classesimportmodule-class.php:33 Stack trace: #0
D:xampphtdocsmytestwh_client_2.1classesimportmodule-class.php(33): PDO-
>__construct('mysql:host=172....', 'host', 'password') #1

一种可能的方法是在 php.ini 中关闭 display_error=0，但这样我就无法知道当我的主机没有响应时.

One possible way is to turn the display_error=0 off in php.ini, but this way I won't able to know that when my host is not responding.

有没有办法修改错误信息?

Is there a way I can modify the error message?

推荐答案

错误处理和错误报告之间存在差异.

There is a difference between error handling and error reporting.

• 错误处理是防止您的最终用户看到任何堆栈跟踪、重要信息或自动生成的错误消息的过程.它还可以通过使用 try catch 块来修改脚本的运行方式.
• 错误报告定义了给定脚本将报告哪些信息.

• Error handling is the process of preventing your end users to see any stack trace, vital information or automatically generated error messages. It can also modify the way your script runs by using a try catch block.
• Error reporting defines which information will be reported by a given script.

为了正确处理错误，我认为 ini_set('display_errors',0); 是更好的方法.您不希望屏幕上显示任何错误消息.

To handle errors properly, I think that ini_set('display_errors',0); is the better approach. You do not want any error message displaying on the screen.

但是，我想获得所有可能的错误信息，所以我使用了error_reporting(E_ALL);.

However, I want to have all possible information on errors, so I use error_reporting(E_ALL);.

错误写在文件error_log 中，该文件通常与您的index.php(或任何直接调用的PHP 文件)位于同一级别.您也可以从您的 cPanel 访问它.

Errors are written in a file, error_log, which usually resides at the same level as your index.php (or any PHP file called directly). You can also access it from your cPanel.

您的错误可能未被捕获，因为您的代码位于命名空间中，而您想要捕获全局命名空间 PDOException.使用 指示您正在寻找全局 PDOException 的脚本.一旦发现错误，就可以使用 的常规方法回显您想要的内容PDOException 类.

Your error is probably uncaught because your code is in a namespace, whereas you want to catch the global namespace PDOException. Use a to indicate your script you're looking for the global PDOException. Once you catch your error, you can echo the content you want, using the normal methods of the PDOException class.

try {
    $db = new PDO (/*connection infos*/);
}
catch (PDOException $e) {
    switch ($e->errorCode()) {
        case 'HY000':
        // Or whatever error you are looking for
        // here it's the general error code
            mail('your@email.com','connection problem',$e->getTraceAsString());
            $db = new PDO (/*rollback connection infos of a local database*/);
            break;
    }
}

这会向您发送一封邮件，其中包含错误的痕迹，防止您的用户在告诉您出现问题时看到它.

That would send you a mail, containing the trace of the error, preventing your user from seeing it while telling you something is wrong.

这里是参考 用于 PDO 语句返回的错误代码.

Here is the reference for the error codes returned by PDO statements.

这篇关于未捕获的 PDOException 显示用户名和密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！