mysqli or die, does it have to die?

Asked 10/3, 2013 at 2:53 Answered 10/3, 2013 at 8:33

If I use a bit of code like this:

$update_result = mysqli_query( $link , $sql_update_login ) or die ('Unable to execute query. '. mysqli_error($link));

Does it have to die or can you put a different query afterwards? Like a predetermined function that writes a log of the error to another table? Such as:

$update_result = mysqli_query( $link , $sql_update_login ) or function('$query, $error);

What are the other options after 'or'? I haven't found it in the documentation, any clues are appreciated.

Playroom answered 10/3, 2013 at 2:53 Comment(2)

If you want to execute the function on success of the previous query, use and instead of or. – Tomi 10/3, 2013 at 3:0

Sure you can call a function after the or (it is an operator, as Blender says below). Defining one as you appear to be doing, though, isn’t really possible or meaningful. – Hodgson 10/3, 2013 at 3:2

Does it have to die

Quite contrary, it shouldn't or die() ever.
PHP is a language of bad heredity. Very bad heredity. And or die() with error message is one of the worst rudiments:

die throws the error message out, revealing some system internals to the potential attacker
such error message confuses casual users, because they don't understand what does it mean
Besides, die kills the script in the middle, leaving users without familiar interface to work with, so they'd likely just drop out
it kills the script irrecoverably. While exceptions can be caught and gracefully handled
die() gives you no hint of where the error has been occurred. And in a relatively big application it will be quite a pain to find.

So, never use die() with MySQL errors, even for the temporary debugging: there are better ways.

Instead of manually checking for the error, just configure mysqli to throw exceptions on error, by adding the following line to your connection code

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

and after that just write every mysqli command as is, without any or die or anything else:

$result = mysqli_query($link, $sql);

This code will throw an exception in case of error and thus you will always be informed of every problem without a single line of extra code.

A more detailed explanation on how to make your error reporting production ready, uniform and overall sensible while making your code much cleaner, you can find in my article on PHP error reporting.

Palaeozoology answered 10/3, 2013 at 8:33 Comment(8)

Great explanation, just want to make one minor correction, the precedence of OR in php is actually lower than =, which is also why the assignment is assigned the return value of the first expression (which may be non-bool), and not the boolean resulting from the or-operation. Note that this is the only(?) difference between the OR and || operator. Try $result = mysql_query(...) || die('error') and you'll see that it wont work. – Vinosity 12/12, 2015 at 17:59

@Vinosity thank you for pointing out. It's a shame to confuse precedences after ranting in this very topic. Now it is corrected, can you please verify it? – Palaeozoology 13/12, 2015 at 15:23

Just saw this answer, while looking for something else. die; is great and should be used whenever there is a hack, or just plain doing something like header('LOCATION:https://www.ic3.gov'); die;. It's also fine to die; if there is a connection failure. This is a horrible answer. – Doucette 25/7, 2017 at 6:20

@Doucette do not confuse the of die(), exit() usage here.. Your common Sense explains here that or die() used in this case exposes system information.. Your usage header('LOCATION:https://www.ic3.gov'); die; is in fact not exposing system information also a fact the die or exit is needed there for security as you should not trust the http client to respect the redirect and will follow it. – Wyler 29/6, 2019 at 16:50

I'm not suggesting information goes to ic3. I was just using that as a redirect after you test for a hack, like if someone is trying to send information to your web page with obvious violations as to how you would expect one or more regular expressions to be. So the hacker is trying to see if they can expose weakness (even if you prevent). So that is just a redirect example using die;. Of course, it redirects them to ic3. What ic3 and your Browser Vendor does is beyond me. I should have made that more clear. Use die; all the time after a redirect. – Doucette 30/6, 2019 at 8:30

@Doucette just curious, can you tell a mysqli call from a redirect? – Palaeozoology 30/6, 2019 at 11:49

Answer says it shouldn't die ever. It's just not true at all. die is very useful. You wouldn't want malicious code executing the rest of your PHP script. It's taxing on the Server. Bad answer. To suppress errors use @ or suppress errors through Sever Settings. – Doucette 3/7, 2019 at 1:30

@Doucette You wouldn't want malicious code executing the rest of your PHP script...and how would that happen, exactly? As per this answer, if you enable the automatic mysqli error handling with the command shown, it replaces the or die by automatically crashing the application when any mysqli command fails. So it will never continue executing in that scenario. I think you misunderstood what's being proposed here. And suppressing errors is an even worse suggestion...that does allow the code to continue being executed, even after something bad went wrong! – Hoebart 30/9, 2022 at 12:14

or is just an operator (very similar to ||).

The or die() syntax works because or short-circuits, which means that if the first statement is true, True or X will always be true, so X isn't evaluated and your script doesn't die.

Coparcenary answered 10/3, 2013 at 2:56 Comment(1)

|| and or are not identical us2.php.net/manual/en/language.operators.logical.php – Sorbitol 11/12, 2015 at 16:15

Yes, you can provide a different function after the (or). I have tested the following:

mysqli_query($sel_db,'what!') or some_func(mysqli_error($sel_db));

function some_func($str) {
    die("ERROR: ".$str);
}

Dagon answered 10/3, 2013 at 3:1 Comment(1)

This just pointlessly redirects the output through an extra wrapper function, both adding nothing useful and failing to remove any of the flaws in the overall approach. – Hoebart 30/9, 2022 at 12:19

-3

It doesn't have to be die() specifically, but it needs to be something that'll make the script halt by calling exit() or die(), or something that throws an exception. Otherwise, the script will continue with the return value of that function (which is probably either null or some sort of junk) in $update_result, which will almost certainly cause problems.

Moreen answered 10/3, 2013 at 3:2 Comment(0)

Recommended topics

Hot tags