#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2013
    Location
    New York City, New York
    Posts
    28
    Rep Power
    0

    Prepared statement in if conditional not working as expected


    EDIT: Nevermind, my issue was that the function wasn't returning anything. The DB connection wasn't being returned out of the function.
  2. #2
  3. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Hi,

    you need to turn your error reporting on. If you suppress errors like you currently do, it's no wonder you run into all kinds of problems. Maybe half of your code cannot even be handled by PHP.

    However, internal error messages are not meant to be displayed on your website. I have no idea why everybody thinks they should dump their MySQL errors on the screen, but this is an awful idea. It helps attackers by giving them internal information about your system, and it irritates legitimate users with weird error messages. When I see a MySQL error popping up somewhere, I usually don't visit that website again.

    There's a difference between developers and end users. Developers should get detailed error messages with all data necessary to fix the problem. This data is written to a log file. End users have nothing to do with your internal errors. Whether you're having issues with your database server is none of their business. All they get is a generic error message and a proper HTTP error code.

    See The mystery of errors and exceptions.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".

IMN logo majestic logo threadwatch logo seochat tools logo