Do I need more Error-Handling?

[doubledee]

I have a prepared statement that returns an Article from my database.  It then binds the results-set to variables.

 

Most of the fields in the query are "required", so I *assume* that I am guaranteed to always get values back for those fields...

 

Is that presumptuous?

 

Here is a snippet of my code...

// Execute query.
mysqli_stmt_execute($stmt);

// Store results.
mysqli_stmt_store_result($stmt);

// Check # of Records Returned.
if (mysqli_stmt_num_rows($stmt)==1){
	// Article was Found.
	$articleExists = TRUE;

	// Bind result-set to variables.
	mysqli_stmt_bind_result($stmt, $articleID, $title, $description, $keywords, 
						$heading, $subHeading, $publishedOn, $author,
						$body, $referenceListing, $endnoteListing);

	// Fetch record.
	mysqli_stmt_fetch($stmt);

	// Close prepared statement.
	mysqli_stmt_close($stmt);								// ????

 

 

Is it sufficient to have code like this...

 

	<title><?php echo $title; ?></title>

 

...or do I need more error-handling??

 

Hope that makes sense?!

 

Thanks,

 

 

Debbie

 

 

[Muddy_Funster]

There are always occassions where the query may time out, the server may be down or the connection may have been reset.  I'd still check / report on most errors.  that the report may never fire is fair enough, but that there may be a problem that is never reported is never good.

[doubledee]

There are always occassions where the query may time out, the server may be down or the connection may have been reset.  I'd still check / report on most errors.  that the report may never fire is fair enough, but that there may be a problem that is never reported is never good.

 

So what error-handing would you in the block where my prepared statement is at?

 

What about in my HTML/PHP where the $title is displayed?

 

 

Debbie

 

[scootstah]

You don't necessarily need to output an error. Just design in such a way that unhandled errors aren't going to happen. For example don't rely on a database query happening and then have a bunch of undefined variable errors.

 

If you rely on something that should always happen, then you could always do a 500 - Internal Server Error if it doesn't happen. It will likely only be a very temporary thing, like a hiccup in the database or something. You can turn on error logging in the background to give you more detailed information without the public knowing. After all, when your server takes a shit the last thing you want to do is tell everybody the problem.

 

 

[kicken]

// Execute query.
if (mysqli_stmt_execute($stmt)){
// Bind result-set to variables.
mysqli_stmt_bind_result($stmt, $articleID, $title, $description, $keywords, 
					$heading, $subHeading, $publishedOn, $author,
					$body, $referenceListing, $endnoteListing);

$articleExists = mysqli_stmt_fetch($stmt);
if ($articleExists){
	//whatever
}
}
// Close prepared statement.
mysqli_stmt_close($stmt);

 

That should be sufficient.  You want to check whether the query executed by checking the return value from mysqli_stmt_execute().  For determining if there was data in the query, rather than checking the number of rows, check whether the fetch was successful by the return value of mysqli_stmt_fetch.

 

If the fetch was successful, your bound variables should all be set and you can use them where needed.

 

[doubledee]

Why did you leave this line out??

 

	// Store results.
	mysqli_stmt_store_result($stmt);

 

 

Debbie

 

[kicken]

I don't think it is necessary, however it has been a long time since I have used mysqli.  I have been using PDO for the last couple years, and the equivalent is not necessary with that API.

 

If it doesn't work, add it back, just after the mysqli_stmt_execute.