PDO showing connection data if catch trigger inside Alert(result)

Asked

Viewed 49 times

3

Because in my alert(result) ajax the catch of PDO is showing my connection information to the database as shown in the following image: http://puu.sh/bel2Z/e7f230ab8d.png

Code:

    $pdo = new PDO("mysql:host=localhost; dbname=meubanco", "meuuser", "minhasenha");
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    $sql = $pdo->prepare("INSERT INTO wp_contatos VALUES ('', :nome, :email, :message, :data)");
    try {
        $sql->execute(array(
            "nome"      => $_POST['nome'],
            "email"     => $_POST['email'],
            "message"   => $_POST['message'],
            "data"      => date("Y-m-d h:i:s")
        ));

        $resposta = "Sua solicitação foi recebida com sucesso. Em breve entraremos em contato.";

    } catch(PDOException $e) {

        $resposta = "Sua solicitação não foi recebida com sucesso. Favor entrar em contato pelo telefone 0800";

    }

    echo $resposta;

}
php jquery ajax pdo

1 answer

4


Check your user and database passwords. They may be wrong.

$pdo = new PDO("mysql:host=localhost; dbname=meubanco", "meuuser", "minhasenha");

To ensure that connection information is not displayed, it is recommended that you disable the error_reporting on the production server

You can do this from the file php.ini, amending the directive display_error for off

display_errors = off

Or directly via code, with the function error_reporting.

<?php

error_reporting(0);

Another thing you can do to avoid the error message is to put the connection to the bank inside the block try:

    try {
        $pdo = new PDO("mysql:host=localhost; dbname=meubanco", "meuuser", "minhasenha");
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        $sql = $pdo->prepare("INSERT INTO wp_contatos VALUES ('', :nome, :email, :message, :data)");

        $sql->execute(array(
            "nome"      => $_POST['nome'],
            "email"     => $_POST['email'],
            "message"   => $_POST['message'],
            "data"      => date("Y-m-d h:i:s")
        ));

        $resposta = "Sua solicitação foi recebida com sucesso. Em breve entraremos em contato.";

    } catch(PDOException $e) {
        $resposta = "Sua solicitação não foi recebida com sucesso. Favor entrar em contato pelo telefone 0800";
    }

    echo $resposta;
}

In this case the exception message would be displayed.

  • Precisely, but if for some reason you have error in these Infos, the PDO will show all the connection data?

  • If the production server configuration is configured to display errors it is enabled, yes it will display.

  • Can I set up in the connection file so it doesn’t show these errors? It goes that the bank drops for example, then everyone gets to know the Infos !!!

  • See the editing of my answer. Ideally disable in the file php.ini server.

Browser other questions tagged php jquery ajax pdo

You are not signed in. Login or sign up in order to post.