I have been trying to convert code over to using mysqli prepared statements (Converting from mysqli to prepared statements). I have the following code which I can not silence the error message from the call. Instead it is spitting out the "PHP Fatal error: ..." which halts the script so the error code is not executing but because the error is spitting out, only the header is being shown to the user.
Also note, I was attempting to also convert over to using the native php error handling as described by 'Your Common Sense' in the referenced post, but reverted back to the traditional "if (! ...) {...}" style of code due to issues not mentioned by that person (by doing that conversion). All of these modifications have been reversed that I can see.
Now for the code (and note that there is an intentional misnaming of the DB table to throw an error for checking of the code)...
$SQL = "SELECT * FROM Issues2 WHERE id=? AND disabled='0' LIMIT 1";
if (! $PRE = @mysqli_prepare($linkDB, $SQL)) {
echo "<f><msg>ERROR: Could not prepare query: ".$SQL.", ".mysqli_error($linkDB)."</msg></f>";
} else {
...
}
I have tried calling the mysqli_prepare() call with and without the prepended '@' symbol, but no luck... I should be getting the "ERROR: Could not prepare ..." message, but instead I just get the XML header alone. Any help would be appreciated!
You must be using
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
to enable automatic error reporting from mysqli functions; otherwise, they just return a falsey value and you have to check for this in your code. Unlike built-in PHP functions, @ doesn't suppress these error reports.
Use
mysqli_report(MYSQLI_REPORT_OFF);
// do stuff with explicit error checking
// ...
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
if you want to temporarily disable this. Or remove the above call if you want to revert to explicit error checking everywhere.