Pass database handler to exception

93 views Asked by At

I want to log something into the database when an attack is detected. The class definition and throwing go separated, but joined them here for simplicity. I was thinking about:

<?php
class Attack extends Exception {
  public function __construct($message, $code = 0, Exception $previous = null, $DB, $IP) {
    $STH = $DB->prepare("INSERT INTO blocked (`type`, `value`) VALUES ('ip', ?)");
    $STH->execute(array($IP));
    parent::__construct($message, $code, $previous);
    }
  }

// code

if (!empty($_POST['honeypot']))
  throw new Attack($IP . " submitted a filled in honeypot", 0, null, $DB, $IP);

But I can also think about this even simpler, though more rigid, method:

<?php
class Attack extends Exception {
  public function __construct($message, PDO $DB, $IP) {
    $STH = $DB->prepare("INSERT INTO blocked (`type`, `value`) VALUES ('ip', ?)");
    $STH->execute(array($IP));
    parent::__construct($message);
    }
  }

// code

if (!empty($_POST['honeypot']))
  throw new Attack($IP . " submitted a filled in honeypot", $DB, $IP);

And I'm not even sure if this works but there's also this:

<?php
class Attack extends Exception {
  public function __construct($message, $code = 0, Exception $previous = null) {
    parent::__construct($message, $code, $previous);
    }
  public function block ($DB, $IP) {
    $STH = $DB->prepare("INSERT INTO blocked (`type`, `value`) VALUES ('ip', ?)");
    $STH->execute(array($IP));
    }
  }

// code

if (!empty($_POST['honeypot'])) {
  $e = new Attack($IP . " submitted a filled in honeypot");
  $e->block($DB, $IP);
  throw $e;
  }

I just want to save the IP (and maybe some other data) into the database when an attack is detected. What are the advantages and disadvantages of each method? Can you think of any other method?

Which method is the most commonly used when logging something into the database while throwing an exception?

1

There are 1 answers

4
Your Common Sense On BEST ANSWER

You don't need an exception here.

If a user reached the destination, it is by no means an exceptional case but rather a pretty regular one. So, just process this request, like you do for any other user action, without exceptions.