I’m getting mixed signals. The warning in the PDO documentation seems pretty clear that omitting the try-catch could compromise security. However, this thread suggests that it’s not really necessary. In my opinion, it would be pretty annoying to wrap every query in a try-catch. Any advice on how to handle this?
There is a security risk, but you don’t need to add try/catch everywhere. The risk is that if you don’t catch an exception then the error message from the exception (which could contain sensitive information) might be shown to users.
But as the documentation states, you can instead add an exception handler. By redirecting to a generic error message, you can avoid showing sensitive information from error messages to your users.
Setting a generic error handler would seem like a very sensible thing to do in any case. You don’t want to be showing your users cryptic error messages. Even if you do go with the “try/catch everything” approach, it’s difficult to be 100% sure that you’ve caught every possible exception that could occur, so the exception handler should still be used as a fallback.
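As an added illustration of the fallback-handler approach described in this answer (example code written for this page, not posted by the answer's author): the global handler logs the full exception server-side and shows the user only a generic message, while query code stays free of try/catch except where it can genuinely recover. The DSN, user and password come from environment variables; the `DB_*` variable names, the `users` table and the default DSN are placeholders.

```php
<?php
// Added example (not part of the original post). Global fallback exception
// handler for a PDO application. DB_DSN / DB_USER / DB_PASS and the "users"
// table are assumed names; adjust for your environment.

declare(strict_types=1);

// Raw error output must never reach the browser in production; the handler
// below decides what the user sees and the server log gets the details.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

set_exception_handler(function (Throwable $e): void {
    // Everything sensitive stays in the log. Without this handler, an uncaught
    // PDOException thrown by the PDO constructor would be printed with a back
    // trace whose call arguments include the DSN, username and password.
    error_log(sprintf(
        '[uncaught %s] %s in %s:%d',
        get_class($e), $e->getMessage(), $e->getFile(), $e->getLine()
    ));

    if (!headers_sent()) {
        http_response_code(500);
        header('Content-Type: text/plain; charset=utf-8');
    }
    // Generic message: nothing about the database, the query or the stack.
    echo "Sorry, something went wrong. Please try again later.\n";
    exit(1);
});

function connect(): PDO
{
    // Placeholder defaults; real deployments should set the variables.
    $dsn  = getenv('DB_DSN')  ?: 'mysql:host=127.0.0.1;dbname=app;charset=utf8mb4';
    $user = getenv('DB_USER') ?: 'app';
    $pass = getenv('DB_PASS') ?: '';

    // Throw on every error (the default since PHP 8.0) so nothing fails silently.
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

// Ordinary query code: no try/catch. A bad statement, a dropped connection or
// any other unexpected PDOException ends up in the global handler above.
$pdo  = connect();
$stmt = $pdo->prepare('SELECT id, email FROM users WHERE id = :id');
$stmt->execute([':id' => 42]);
$row = $stmt->fetch();
echo $row ? "Found user {$row['id']}\n" : "No such user\n";

// Catch locally only where the code can actually recover, e.g. a duplicate key.
try {
    $ins = $pdo->prepare('INSERT INTO users (email) VALUES (:email)');
    $ins->execute([':email' => 'alice@example.com']);
} catch (PDOException $e) {
    // PDOException::getCode() carries the SQLSTATE as a string; 23000 is an
    // integrity constraint violation (e.g. UNIQUE index hit).
    if ((string) $e->getCode() === '23000') {
        echo "That e-mail address is already registered.\n";
    } else {
        throw $e; // anything else: let the fallback handler deal with it
    }
}
```

The local catch rethrows anything it does not understand, so the global handler remains the single place where unexpected failures are logged and sanitised; a catch block that swallows every PDOException would hide real faults just as badly as the default uncaught-exception page would expose them.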