List:General Discussion« Previous MessageNext Message »
From:Chris W Date:September 7 2010 7:43pm
Subject:Re: AW: Dup Key Error Messages
View as plain text  
  On 9/7/2010 3:33 AM, Thorsten Heymann wrote:
> Yes sure, but you will consider, it is more than a nice to have to let 
> the user know what field he filled incorrectly (e.g. in a 
> webform,...). And it would be nice to this in an automated way.

I have to agree.  Due to database design issues that the end user has no 
knowledge of, it is very common for the standard mysql error messages to 
be cryptic at best.  I always intercept duplicate key errors and display 
an error that is much more meaningful to the end users.

For errors that I am not expecting, I never display them to the end 
users (I normally log them and email them to myself so I know there is a 
problem.)  Many consider displaying raw error messages to the end user 
to be a security risk, especially in a web application.


That said, I do try and write my code and design my database such that 
even if my full schema and source code were available to the public, I 
wouldn't have to worry about security.  However I'm sure my code isn't 
perfect, and I don't have full control over all of the possible ways my 
web sites could be compromised so I'm certainly not going to give an 
attacker help by displaying raw error messages.

Chris W
Thread
Dup Key Error MessagesThorsten Heymann6 Sep
  • Re: Dup Key Error MessagesTompkins Neil6 Sep
    • AW: Dup Key Error MessagesThorsten Heymann6 Sep
      • Re: AW: Dup Key Error MessagesMySQL)6 Sep
  • Re: Dup Key Error MessagesCarsten Pedersen6 Sep
    • AW: Dup Key Error MessagesThorsten Heymann6 Sep
  • Re: Dup Key Error MessagesJoerg Bruehe6 Sep
    • AW: Dup Key Error MessagesThorsten Heymann7 Sep
      • Re: AW: Dup Key Error MessagesChris W7 Sep