ZF-51: Missing error handling in _connect() (TRAC#74)


File : Zend_Db_Adapter_Pdo_Abstract.php Function: protected function _connect() Line : 78 $this->_connection = new PDO(

    $this->_dsn(), $this->_config['username'], $this->_config['password'] );

If the connection fails due to uncaught exception, it would dump a plethora of info (as per the docs) onto the client browser including the connection details such as userid/password... (and what not?) for the world wild web to see.


try {

    $dbh = new PDO('mysql:host=localhost;dbname=test', $user, $pass); foreach ($dbh->query('SELECT * from FOO') as $row) {


    } $dbh = null; } catch (PDOException $e) { print "Error!: " . $e->getMessage() . "<br/>"; die(); }


Here is a patch to wrap the PDO connection in a try / catch.

New patch which removed the need for exit;

Personally, I would like to see you catch the PDOException and throw a Zend_Db_Exception. I would also pick out some of the most useful, common errors from using PDO errors via the errorCode, then put the text of those errors (or nicely re-written error) in as the string of the Zend_Db_Exception.

Basically Zend_Db_Exception needs to be a pretty interface to all db exceptions, with the added ability to be able to drill down into the Exception thrown by the internal Adapter. This means adding 2 methods, perhaps getAdapterMessage() & getAdapterCode() to be able to get the exact error code from the given internal adapter.

my 2 cents.


Add a try / catch and throw a Zend_Db_Adapter_Exception on failure