Science Library - free educational site

Debugging and validating data

Validating Form Data

When a form is filled in by a user, the data entered needs to be checked for correct type (number as opposed to letters), completeness, and for security purposes (to prevent hacking attacks).

Debugging

A programmer quickly learns that bugs come seemingly guaranteed with the package.

There are basically three types of error:

  • Syntactical
    When something is typed wrongly, or punctuation is left out or included incorrectly, in most cases PHP will return an error. This may be a parse error, which stops the script from running at all, or a run time error.

  • Logical
    A bug which is hard to detect because as far as the computer is concerned there is nothing wrong with the script. However, the program is using the wrong data, such as a parameter, or doing something undesirable such as entering a perpetual loop.

  • Run Time
    The script does not stop running, but fails to complete everything it is written to perform.

Where the error lies

Syntax errors can range from simple typos in a PHP script to confused query syntax. MySQL is good at providing information about where the error lies. With practice (and believe me, you will get lots of practice with errors) you will learn to interpret the error messages, and to tell the difference between an invalid variable type and no access to a database.

Errors are more difficult to find in PHP-generated queries on a dynamic site.

Some basic steps to follow:

  1. Check you are using the right version of PHP and MySQL

    Run a phpinfo() file on your server, and it will return a page listing all the settings.

    Place this code in an otherwise blank file, and save it as phpinfo.php in the root of your domain (or anywhere else you like).

    <?php

    phpinfo();

    ?>

    Be sure to remove the file once you have finished. It contains too much information which a hacker could make use of.

  2. Check you are running the right (and saved) page

    It is easy to fall into the trap of editing a different page to the one you are viewing. Do not forget to save any changed files before uploading.

  3. Try the same file on a different browser

    A programmer gets used to cross-browser and device testing. Browsers are not standardised as much as they perhaps should be, and some errors are unique to particular versions of browsers.

  4. Check the standard data validation is in place

    Users of a website may not behave in the way a programmer predicted they would. Data validation is a first step in preventing usage errors.

  5. Turn on display errors

    Calling ini_set('display_errors', 1) within PHP tags will cause the page to report errors when they occur.

Suppressing errors

Although it is useful to see errors as they occur during development of a site, once the site goes live, it is advisable not to allow errors to be displayed to anyone else. This is not only unaesthetic and smacks of unprofessionalism, it is dangerous, since it reveals too much sensitive information.

Errors from an individual expression may be suppressed by adding an '@' symbol in front of it. For example, if you don't want to display an error when the config file cannot be found: @include('config.inc.php');

Another way to control the degree to which PHP reports errors is the error_reporting() function.

For example, error_reporting(0) will show no errors, and error_reporting(E_ALL) will report every error that occurs.

Custom Error Handlers

Writing errors to a log

int file_put_contents( string $filename , mixed $data[, int $flags = 0[, resource $context ]])

The file named by $filename is created if it does not already exist.

By default the existing file is overwritten. To add to the file without losing pre-existing data, set the FILE_APPEND flag.

Example:

file_put_contents(filepath.'error_log/' . date('d-m-Y').'.txt', $message, FILE_APPEND | LOCK_EX);

In this case, the error message is written to a file named after the current date (e.g. 07-10-2015.txt), and any subsequently generated error messages are appended.

LOCK_EX acquires an exclusive lock on the file while it is being written, which prevents two simultaneous writes from interfering with each other.
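Added example (not code from the original page): a custom error handler that combines the points above, hiding errors from visitors while still appending every one to a dated log file with FILE_APPEND | LOCK_EX. The LOG_DIR constant, the log_line() helper and the location of the log directory are assumptions.

```php
<?php
// Added example. LOG_DIR is an assumed location; keep it outside the web root.
define('LOG_DIR', __DIR__ . '/error_log/');

error_reporting(E_ALL);           // still detect every error...
ini_set('display_errors', '0');   // ...but never show the details to visitors

function log_line(string $message): void
{
    if (!is_dir(LOG_DIR)) {
        mkdir(LOG_DIR, 0700, true);
    }
    // Strip CR/LF so user-influenced text cannot forge extra log entries.
    $message = str_replace(["\r", "\n"], ' ', $message);
    $line = date('c') . ' ' . $message . PHP_EOL;
    file_put_contents(LOG_DIR . date('d-m-Y') . '.txt', $line, FILE_APPEND | LOCK_EX);
}

set_error_handler(function (int $errno, string $errstr, string $errfile, int $errline): bool {
    if (!(error_reporting() & $errno)) {
        return false;   // suppressed with @ or excluded by error_reporting()
    }
    log_line("[$errno] $errstr in $errfile:$errline");
    return true;        // handled here: skip PHP's built-in handler
});

set_exception_handler(function (Throwable $e): void {
    log_line(get_class($e) . ': ' . $e->getMessage()
        . ' in ' . $e->getFile() . ':' . $e->getLine());
    http_response_code(500);
    echo 'Sorry, something went wrong.';   // generic message only
});

// Constructed trigger: reading an undefined array key raises a warning
// (a notice before PHP 8), which is logged instead of displayed.
$data  = [];
$value = $data['missing'];
```

The visitor sees nothing, while the dated file in LOG_DIR gains one line giving the error level, message, file and line number.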

Testing variable type

Integer validation in PHP: To test that a variable is an integer:

if (isset($var) && filter_var($var, FILTER_VALIDATE_INT) !== false) {
    // variable $var satisfies the condition of being an integer
    // (comparing with !== false means the value 0 is accepted too)
}
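Added example (not from the original page): one function that applies the three checks named at the top of this page (type, completeness, security) to submitted form data. The field names, the limits and the validate_signup() function are assumptions chosen for illustration.

```php
<?php
// Added example: field names and limits are assumptions.
function validate_signup(array $post): array
{
    $clean = [];
    $errors = [];

    // Completeness: a required field must be a non-empty string after trimming.
    $name = is_string($post['name'] ?? null) ? trim($post['name']) : '';
    if ($name === '' || strlen($name) > 100) {
        $errors['name'] = 'Name is required (max 100 characters).';
    } else {
        $clean['name'] = $name;
    }

    // Type: filter_var() returns the integer, or false on failure.
    // Test with === false so that a legitimate 0 is not rejected.
    $age = filter_var($post['age'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 130]]);
    if ($age === false) {
        $errors['age'] = 'Age must be a whole number between 0 and 130.';
    } else {
        $clean['age'] = $age;
    }

    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors['email'] = 'A valid e-mail address is required.';
    } else {
        $clean['email'] = $email;
    }

    return [$clean, $errors];
}

// Constructed sample input standing in for $_POST.
$samples = [
    ['name' => 'Ada',        'age' => '0',     'email' => 'ada@example.org'],
    ['name' => '   ',        'age' => '12abc', 'email' => 'not-an-email'],
    ['name' => '<b>Ada</b>', 'age' => '41'],   // e-mail field missing entirely
];
foreach ($samples as $post) {
    [$clean, $errors] = validate_signup($post);
    // Security: validation does not make text safe for HTML, so escape on output.
    echo htmlspecialchars(json_encode(['clean' => $clean, 'errors' => $errors]),
        ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```

The first sample passes with age 0, the second fails all three checks, and the third keeps its markup in the name field but has it escaped when printed.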

Content © Renewable-Media.com. All rights reserved. Created: August 12, 2014. Last updated: January 10, 2016.
