0

What are your thoughts of using the following function to log mysql errors?

<?php
function sql_query($query)
{
  $q = mysql_query($query);
  if(!$q)
  {
    mysql_query('INSERT INTO mysql_errors (error_query, error_about) VALUES ('.
    $query.', '.mysql_error().' )');
  }
  return $q;
}
?>

Do you find it useful? How can it be improved?

Improve this question

4 Answers 4

Reset to default
1

Should be:

mysql_query("INSERT INTO mysql_errors (error_query, error_about, error_date) VALUES ('".
    mysql_real_escape_string($query)."', '".mysql_real_escape_string(mysql_error())."',NOW())");

I added a date field and sanitised input. There needs to be a way to differentiate new and old errors and a date field does that.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

I could use this, if I found a way to induce the right error, to do an SQL injection.

Why not just use MySQL's native error log? Is there some reason to stuff them back into the DB?

Improve this answer

Comments

0

It looks like you've not sanitized input, what if $query contains '? It would cause another SQL error.

Improve this answer

Comments

0

Provided, of course, you already have your database connections open and do not need to open them here the function would work as expected as long as you have single quotes around the values in the second query. On a related note, is the mysql_error log not sufficient?

Improve this answer

2 Comments

My website is hosted not on my server and I look through the database using phpMyAdmin
Then in that case, make sure you are scrubbing your inputs as the others have mentioned and wrap the inputs in single quotes in the query.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.