+44 (0)114 299 8285
Select Page

This was the same client that a few weeks earlier found their database wasn’t working at all. The temporary fix they implemented worked in respect of looking up existing entries they now found that they couldn’t add new items.

The cause was very difficult to diagnose. I resorted to implementing my own separate program code to add items.  That worked so next I compared my “save to database” program code with theirs. There was no relevant difference. A real mystery.

Now when you collect data on a form in a web page, the normal process is to use Javascript to validate each field as you go, things like a check that a numeric field only contains numbers and a text field is no longer than a specified maximum length. Then when the completed form is sent to the server there’s more validation using PHP, probably repeating the initial Javascript validation in case a hacker has somehow circumvented that but then adding some further checks. Only then does the content get sent to the database. I noticed that there was no Javascipt or PHP validation. 
Somehow the input was being rejected by the “write to database” instruction.
A bit more digging found that a third level of validation was the cause.

When you create a database table you need to specify some rules about what each field can contain (e.g. numbers, text) and whether those fields can be empty. In the move of web hosts somehow the database specification had changed and those rules were being violated.

Programmers have to make decisions about database error reporting settings.  During testing they will want verbose reports but on going live these are usually suppressed.  That’s because they don’t want website visitors to receive lengthy and, to them, meaningless messages but also the diagnostic messages are “helpful” to anyone trying to hack the site.
With hindsight it may have helped to turn on verbose database error reporting sooner but the rationale is to follow the problem on the route the data takes through the system, looking at the most likely issues first.