On 9/7/2010 3:33 AM, Thorsten Heymann wrote:
> Yes sure, but you will consider, it is more than a nice to have to let
> the user know what field he filled incorrectly (e.g. in a
> webform,...). And it would be nice to do this in an automated way.

I have to agree. Due to database design issues that the end user has no
knowledge of, it is very common for the standard MySQL error messages to
be cryptic at best. I always intercept duplicate key errors and display
an error that is much more meaningful to the end users.

For errors that I am not expecting, I never display them to the end
users (I normally log them and email them to myself so I know there is a
problem.) Many consider displaying raw error messages to the end user
to be a security risk, especially in a web application.

That said, I do try and write my code and design my database such that
even if my full schema and source code were available to the public, I
wouldn't have to worry about security. However, I'm sure my code isn't
perfect, and I don't have full control over all of the possible ways my
web sites could be compromised, so I'm certainly not going to give an
attacker help by displaying raw error messages.