On 9/7/2010 3:33 AM, Thorsten Heymann wrote:
Yes sure, but you will consider, it is more than a nice to have to let the user know what field he filled incorrectly (e.g. in a webform,...). And it would be nice to do this in an automated way.

I have to agree. Due to database design issues that the end user has no knowledge of, it is very common for the standard MySQL error messages to be cryptic at best. I always intercept duplicate key errors and display an error that is much more meaningful to the end users.

For errors that I am not expecting, I never display them to the end users (I normally log them and email them to myself so I know there is a problem.) Many consider displaying raw error messages to the end user to be a security risk, especially in a web application.


That said, I do try and write my code and design my database such that even if my full schema and source code were available to the public, I wouldn't have to worry about security. However I'm sure my code isn't perfect, and I don't have full control over all of the possible ways my web sites could be compromised so I'm certainly not going to give an attacker help by displaying raw error messages.

Chris W
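
An added example, not part of the original post: one way to implement the handling described above, translating MySQL duplicate-key errors (server error 1062) into a field-level message while unexpected errors are logged and shown to the user only as a reference code. `DbError`, the index names and the `FRIENDLY` mapping are hypothetical stand-ins for a real driver exception and schema.

```python
import logging
import re
import uuid

log = logging.getLogger("app.db")

ER_DUP_ENTRY = 1062  # MySQL server error code for a duplicate-key violation

# Hypothetical mapping from unique index name to (form field, user-facing text).
FRIENDLY = {
    "uq_users_email": ("email", "That e-mail address is already registered."),
    "uq_users_login": ("username", "That user name is already taken."),
}

# Server text: Duplicate entry '<value>' for key '<index>' (MySQL 8 prefixes the table).
DUP_RE = re.compile(r"Duplicate entry '.*' for key '(?:[^'.]+\.)?([^']+)'")


class DbError(Exception):
    """Stand-in for a driver exception that carries errno and server message."""

    def __init__(self, errno, msg):
        super().__init__(msg)
        self.errno, self.msg = errno, msg


def user_facing_error(exc):
    """Return (field, message) safe to show; the raw text goes only to the log."""
    if exc.errno == ER_DUP_ENTRY:
        m = DUP_RE.search(exc.msg)
        if m and m.group(1) in FRIENDLY:
            return FRIENDLY[m.group(1)]
    # Unexpected (or unmapped) error: log the detail, show only a reference.
    ref = uuid.uuid4().hex[:8]
    log.error("db error ref=%s errno=%s msg=%r", ref, exc.errno, exc.msg)
    return (None, f"Something went wrong. Please quote reference {ref} to support.")


# Constructed sample errors, in the format the MySQL server emits.
SAMPLES = [
    DbError(1062, "Duplicate entry 'a@example.org' for key 'uq_users_email'"),
    DbError(1062, "Duplicate entry 'bob' for key 'users.uq_users_login'"),
    DbError(1146, "Table 'shop.ordres' doesn't exist"),
]

if __name__ == "__main__":
    for e in SAMPLES:
        print(user_facing_error(e))
```

A duplicate-key error on an index that is not in the mapping falls through to the generic path, so an unmapped index name never reaches the user.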

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql