Friday, July 3, 2009

Best way to track MySQL errors and SQL injection attempts.

In the freelancing world, most developers write MySQL applications with little attention to security or query control.

Here is a tip I would like to share with programmers: how to find out which queries make your application die, and why.

In common practice, most developers write their queries like this:

$query = "SELECT * FROM foo WHERE id=" . $_POST['var'];   // unvalidated user input concatenated into SQL: injectable
$result = mysql_query($query) or die(mysql_error());       // on failure, prints the raw MySQL error to the visitor

I would like to focus on the die() call. Printing mysql_error() to the visitor tells an attacker exactly how the query broke, which is a great help when probing for injection. Instead, you will write a custom function that sends you the following details by email:

1. Script Name.
2. Query.
3. Error.
4. Time.

We will use PHPMailer to send the email. You can download PHPMailer from phpclasses.org.

Error Handling Function:

require_once 'class.phpmailer.php';   // PHPMailer class file; adjust the path to where you unpacked it

function error_handle($query, $error, $script_name) {

    // Plain-text report. $query contains user-supplied input, so it must not be sent as HTML.
    $msg = "MySQL Error Report:\n"
         . "Query: " . $query . "\n"
         . "Error: " . $error . "\n"
         . "File Name: " . $script_name . "\n"
         . "Date: " . date('Y-m-d H:i:s');   // 'i' is minutes; 'm' is the month

    $mail = new PHPMailer();

    $mail->From = 'debug@domain.com';
    $mail->FromName = 'Auto bug reporter';
    $mail->Sender = 'debug@domain.com';
    $mail->Subject = 'A query died at your website.';
    $mail->IsHTML(false);   // plain text: attacker-controlled query text must not be rendered as HTML in your mail client
    $mail->Body = $msg;
    $mail->AddAddress('tech@domain.com');

    if (!$mail->Send()) {   // without Send() no email is ever delivered
        error_log('error_handle: could not send report: ' . $mail->ErrorInfo);
    }
    error_log($msg);   // also keep a copy in the server log in case mail fails
    unset($mail);

}

Now write your queries in the following pattern:

$filename = $_SERVER['SCRIPT_FILENAME'];
$query = "SELECT * FROM foo WHERE id=" . $_POST['var'];   // still concatenates unvalidated input; the report records the breakage, it does not prevent injection
$result = mysql_query($query) or die(error_handle($query, mysql_error(), $filename));   // visitor gets a blank page, you get the email

That is all. Enjoy providing support to your clients, and use these reports to keep an eye on SQL injection attempts: a stray quote or a payload in $_POST['var'] usually breaks the query syntax, and the email shows you the exact query string that reached the server, so you can see what was tried and from which script.

Two caveats. First, this only catches attempts that make the query fail. A carefully crafted injection that keeps the query syntactically valid returns its results and never reaches die(), so the email is a tripwire, not a defence; only escaping or, better, prepared statements prevent the injection itself. Second, the mysql_* extension is deprecated and was removed in PHP 7, so new code should use mysqli or PDO. You can also extend and modify the handler according to your needs.
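The same reporting idea built on PDO prepared statements, as an added example that is not part of the original post. With the id bound as a parameter, whatever arrives in $_POST['var'] is data rather than SQL, so the email report now covers genuine failures (connection problems, schema changes) instead of acting as an injection tripwire, and the visitor never sees a database error. It assumes PHPMailer 5.x unpacked next to the script (class.phpmailer.php), a database 'app' on localhost with a table foo having id and name columns, and the addresses and credentials shown; all of these are placeholders to adjust.

```php
<?php
// Added example (not from the original post). Assumed: PHPMailer 5.x as
// class.phpmailer.php in the same directory, database 'app' on localhost with
// table foo(id, name), and placeholder addresses/credentials below.

require_once 'class.phpmailer.php';

// The one query this script runs; kept in a constant so the report can name it.
const FIND_BY_ID_SQL = 'SELECT * FROM foo WHERE id = :id';

// Report a failed query like the original error_handle(): script name, query,
// error and time, emailed in plain text and mirrored to the server log.
function report_db_failure($query, $error, $script_name)
{
    $msg = "MySQL Error Report:\n"
         . "Query: " . $query . "\n"
         . "Error: " . $error . "\n"
         . "File Name: " . $script_name . "\n"
         . "Date: " . date('Y-m-d H:i:s');

    error_log($msg);   // always keep a local copy; mail delivery can fail

    $mail = new PHPMailer();
    $mail->From     = 'debug@domain.com';   // assumed addresses
    $mail->FromName = 'Auto bug reporter';
    $mail->Subject  = 'A query died at your website.';
    $mail->IsHTML(false);                   // never render attacker-supplied text as HTML
    $mail->Body     = $msg;
    $mail->AddAddress('tech@domain.com');
    if (!$mail->Send()) {
        error_log('report_db_failure: mail not sent: ' . $mail->ErrorInfo);
    }
}

// Look up one row by id. The value is validated as a positive integer and then
// bound as a parameter, so a payload such as "1 OR 1=1" or "1'" is rejected
// before it reaches the database and could never alter the SQL anyway.
function find_by_id(PDO $db, $raw_id)
{
    $id = filter_var($raw_id, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
    if ($id === false) {
        return null;
    }
    $stmt = $db->prepare(FIND_BY_ID_SQL);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

try {
    // ERRMODE_EXCEPTION turns every failed call into a PDOException, so there is
    // no "or die(...)" after each query; one catch block handles them all.
    $db = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app_user', 'app_pass', array(
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepared statements
    ));

    $row = find_by_id($db, isset($_POST['var']) ? $_POST['var'] : '');
    if ($row === null) {
        http_response_code(404);
        echo 'Not found.';
    } else {
        // Output-encode database content before echoing it into HTML.
        echo htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');
    }
} catch (PDOException $e) {
    // The team gets the full error; the visitor gets a generic message.
    report_db_failure(FIND_BY_ID_SQL, $e->getMessage(), $_SERVER['SCRIPT_FILENAME']);
    http_response_code(500);
    exit('Something went wrong. The site administrator has been notified.');
}
```

Because the handler runs from a single catch block rather than after every query, adding a new query to the script does not mean adding another die() call; anything that throws is reported with the same four fields.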


All rights are reserved. Nobleatom.com
Software Development Services.
Contact me: khubabmazhar596@hotmail.com
