Exc Handling and User Friendly, Secure ErrMsgs


In my efforts to design a good Database layer, I've used exceptions and
wanted to implement best practices for this project.  Obviously an
uncaught exception creates a Fatal Error and stops execution.

Currently, I see the best scenario as:
if there is an error in the DB layer, throw a DBexc which effectively
logs all SQL and problem info.  In the catch block, throw a general
error with a more generic statement, and possibly include a logging ID
or # with it (avoids sending SQL statements to the screen).

Does this sound sensible, or the best way to do this?
Other options?
Is it common to use set_error_handler?
What about recovery?  Does execution have to terminate?

I'm also interested in programming this system with security in mind,
i.e., avoiding SQL injection.
I haven't researched it fully, but I have seen posts recommending
addslashes(), etc.

I'm using PEAR::DB, and looking forward to any responses.

Re: Exc Handling and User Friendly, Secure ErrMsgs

Any feedback on this topic?
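
The pattern described in the first post, as an added example that is not part of the original thread: the DB layer throws an internal exception carrying the SQL, and the caller logs it under a reference ID and rethrows a generic error. It assumes PDO with an in-memory SQLite database instead of PEAR::DB so that it runs stand-alone; all class, function and table names are hypothetical.

```php
<?php
// Added example: class, function and table names are hypothetical.
class DbException extends RuntimeException {}   // internal: carries SQL detail
class PublicError extends RuntimeException {}   // safe to show to the user

function runQuery(PDO $pdo, string $sql, array $params): array
{
    try {
        // Bound placeholders keep user input out of the SQL text entirely.
        $stmt = $pdo->prepare($sql);
        $stmt->execute($params);
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        // The SQL and driver message stay inside the DB layer's exception.
        throw new DbException("SQL: $sql | " . $e->getMessage(), 0, $e);
    }
}

function findUser(PDO $pdo, string $name): array
{
    try {
        return runQuery($pdo, 'SELECT id, name FROM users WHERE name = ?', [$name]);
    } catch (DbException $e) {
        $logId = bin2hex(random_bytes(6));          // reference to quote to support
        error_log("[$logId] " . $e->getMessage());  // full detail goes to the log only
        // No "previous" exception is attached, so an uncaught PublicError
        // cannot expose the SQL through its exception chain.
        throw new PublicError("A database error occurred (reference $logId).");
    }
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice')");

// Input containing quotes is compared as a plain string, so no row matches.
var_dump(findUser($pdo, "alice' OR '1'='1"));

// Force a failure: the user sees the generic text, the log gets the SQL.
$pdo->exec('DROP TABLE users');
try {
    findUser($pdo, 'alice');
} catch (PublicError $e) {
    echo $e->getMessage(), PHP_EOL;
}
echo "Execution continues after the handled error.", PHP_EOL;
```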
