Current time: 04-19-2014, 11:11 PM Hello There, Guest! (LoginRegister)

 
Thread Rating:
  • 0 Votes - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Improve mySQL error reporting
06-17-2010, 05:35 AM
Post: #1
Improve mySQL error reporting
Hello Guys,

I proposed a new way for reporting mysql errors that I think is more accurate for new developers, testers, and everybody:

Before
[Image: 508ef684764158.jpg]

Now
[Image: dcbe3484764156.jpg]

I could send a patch there are not many changes only in the class_db.php. I'm using the $main->error function

Cheers

Julio Montoya
BeezNest - http://www.beeznest.com
Blog: http://phpcommit.wordpress.com
Visit this user's website Find all posts by this user
06-17-2010, 05:45 AM
Post: #2
RE: Improve mySQL error reporting
Yeah, this seems way more accurate and easier to know what the actuall problem is. Awesome Smile

Regards,
Andraž Rihtar
Visit this user's website Find all posts by this user
06-17-2010, 10:01 AM
Post: #3
RE: Improve mySQL error reporting
maybe the extended error should be sent to a log file, because of two things:

1. the user does not want a syntax dump on their screen and
2. this could be exploited eventually?

Find all posts by this user
06-17-2010, 10:05 AM
Post: #4
RE: Improve mySQL error reporting
I've always wanted to include a debug mode but to be honest I didn't feel it was worth the time. I hide all of my errors on my servers to save my users the headache and from giving them to much information also. Big Grin

- KuJoe
▒ LvL8
▒ The Free Web Hosting Guide
▒ FreeWebHostingTalk


PM me for theme conversions @ $15!
Visit this user's website Find all posts by this user
06-17-2010, 10:49 AM
Post: #5
RE: Improve mySQL error reporting
My comments:

1. the user does not want a syntax dump on their screen
Forgot to say that this will be only showed for developers.
You just create a new config variable called "server_type" or "server_status" or whatever with 2 possible values, "Production" or "Test". Then if the server is a test mode then you could see all the debug messages. Smile

2. this could be exploited eventually?
Since the code is public (google code) anybody can see all the sql queries of the system.

It worth the time, unless you know every position of every sql query in the system. This is very useful for newcomers and if you want that the community report bugs more accurately , develop new features, bla bla etc

Julio Montoya
BeezNest - http://www.beeznest.com
Blog: http://phpcommit.wordpress.com
Visit this user's website Find all posts by this user
06-17-2010, 03:46 PM (This post was last modified: 06-17-2010 03:47 PM by Kevin.)
Post: #6
RE: Improve mySQL error reporting
(06-17-2010 10:49 AM)jmontoya Wrote:  2. this could be exploited eventually?
Since the code is public (google code) anybody can see all the sql queries of the system.

I'm guessing it displays the SQL queries with the variables parsed, so if any senstive data was in there, it could possibly be exploited. But since you can switch between Dev and Production mode it shouldn't be as much of a problem.

The only real exploit though would be an FPD (Full Path Disclosure) exploit. But I definitely like this. If you guys want it badly, we can't stuff it into 1.2.2 but it'll be on the board of 1.2.3 if we can get a patch of sorts. Thanks!

Kevin Mark - TheHostingTool Lead Developer
Visit this user's website Find all posts by this user
06-25-2010, 06:24 AM
Post: #7
RE: Improve mySQL error reporting
I create a issue in the google code for that, I'm also sending the patch there.

http://code.google.com/p/thehostingtool/...tail?id=28

Hope that helps Smile





(06-17-2010 03:46 PM)Kevin Wrote:  
(06-17-2010 10:49 AM)jmontoya Wrote:  2. this could be exploited eventually?
Since the code is public (google code) anybody can see all the sql queries of the system.

I'm guessing it displays the SQL queries with the variables parsed, so if any senstive data was in there, it could possibly be exploited. But since you can switch between Dev and Production mode it shouldn't be as much of a problem.

The only real exploit though would be an FPD (Full Path Disclosure) exploit. But I definitely like this. If you guys want it badly, we can't stuff it into 1.2.2 but it'll be on the board of 1.2.3 if we can get a patch of sorts. Thanks!

Julio Montoya
BeezNest - http://www.beeznest.com
Blog: http://phpcommit.wordpress.com
Visit this user's website Find all posts by this user


Forum Jump:


User(s) browsing this thread: 1 Guest(s)