dongzhi9192
2014-06-30 11:27

Form validation errors PHP Laravel

I have a question about handling form validation errors. When they are errors due to the input, I display messages to the user. But when they are errors due to system integrity, I mean for example hidden inputs and unsupported values, I don't think it is a good idea to show this type of error to the user; I should show a 400 page instead.

So what is the best way to handle this type of error?

By the way, I'm using Laravel 4.

Sorry for my bad English, and thank you for your help.


2 answers

  • dot_0620 2014-07-01 12:09
    Accepted

    It's true that internal (e.g. security) related errors should not be exposed to the user. This way you don't provide malicious users any critical info that might expose bugs or security holes whereby the integrity is improved. As you already wrote in your question, depending on what kind of error it is, you might return a 404 error page.

    In case of e.g. CSRF form protection, revealing errors might even break the security measure depending on the implementation and data exposed.

    I recommend you have a look at Google Webmaster Tools Help and at Wikipedia, where the (4xx) HTTP Status Codes are explained in detail. Then choose the most appropriate for your use case.

    Use the PHP.ini and/or .htaccess to turn off error reporting (depends on your server setup - I assume you use Apache). There are several things you can do to not return errors and critical information to the user. For example, you might stop the server from sending the PHP version (the X-Powered-By header) to the user's browser. You can override it or remove it completely. Then also use "pretty urls" to prevent the user from knowing your server side programming language. Also the most common measure I've seen is to disable "error_reporting" (which is standard for production code anyway - Laravel provides error reporting options in the app config). Also have a look at this site: Advanced PHP Error Handling via htaccess.

    In the comments Thomas mentioned another case where it's recommended to get as much data as is available for logging and solving issues. I don't know your programming skills and experience, but have a search on Google about your specific question. Trust me, the answers are out there already. Don't search specifically for Laravel at first, as this might not return the desired results. Try to adapt the given solutions to the Laravel Syntax yourself. This also helped me to get to know the framework better.

    To make it short, decide depending on your use case on what to return to the user. Also consider if showing info at all is essential.

    In case you're still struggling, let me know and we'll try to get it solved.

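The split the question and the accepted answer describe, as an added example that is not part of the thread: integrity failures (hidden inputs, unsupported option values) are logged server-side and answered with a bare 400, while ordinary input mistakes get field messages. It is plain PHP so it runs on its own; the field names, allowed values and the `classify_submission()` helper are assumptions, and in Laravel 4 the `bad_request` branch would correspond to `App::abort(400)`.

```php
<?php
// Added example, not code from the thread. Field names, allowed values and
// messages are assumptions. Needs PHP 7.1+.

// Values the server rendered itself (hidden inputs, <select> options). A normal
// browser cannot get these wrong, so a mismatch means tampering or a bug.
const INTEGRITY_RULES = [
    'plan_id'  => ['1', '2', '3'],   // hidden input
    'currency' => ['EUR', 'USD'],    // <select> options
];

// Returns [action, messages]: 'bad_request' (answer with a bare 400),
// 'redisplay' (show the form again with messages) or 'accept'.
function classify_submission(array $input, callable $log): array
{
    foreach (INTEGRITY_RULES as $field => $allowed) {
        $value = $input[$field] ?? null;
        if (!is_string($value) || !in_array($value, $allowed, true)) {
            // Detail goes to the server log only; json_encode() escapes line
            // breaks, so a crafted value cannot forge extra log lines.
            $log('integrity check failed: field=' . $field . ' value=' . json_encode($value));
            return ['bad_request', []];   // nothing about which field or why
        }
    }
    $errors = [];
    $email = $input['email'] ?? '';
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Please enter a valid e-mail address.';
    }
    $name = $input['name'] ?? '';
    if (!is_string($name) || trim($name) === '') {
        $errors['name'] = 'Name is required.';
    }
    return $errors ? ['redisplay', $errors] : ['accept', []];
}

// Constructed sample submissions.
$base = ['plan_id' => '2', 'currency' => 'EUR', 'email' => 'ann@example.com', 'name' => 'Ann'];
$samples = [
    'valid'      => $base,
    'user typo'  => ['email' => 'not-an-email'] + $base,
    'bad hidden' => ['plan_id' => '99'] + $base,
    'array sent' => ['currency' => ['EUR']] + $base,
];
foreach ($samples as $label => $input) {
    [$action, $messages] = classify_submission($input, 'error_log');
    printf("%-10s -> %-11s %s\n", $label, $action, json_encode($messages));
}
```

The integrity checks run first, so a tampered request never reaches the user-facing messages and the response carries no hint about which field was rejected.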
  • drv16821 2014-06-30 11:46

    You should use

    Session::flash()
    

    Example with Session::flash():

    // user_timeout() is the poster's own helper, not a Laravel function.
    if(user_timeout())
    {
      Session::flash("error_timeout", "exceeded");
    }
    

    Here is the view:

    <?php
    // Data stored with Session::flash() is available on the next request only.
    if(Session::has("error_timeout"))
    {
      ?>
      <p class='alert alert-danger'>You should login again to continue. </p>
    <?php
    }
    