Ok, let’s get something straight. Proper error handling is not only good practice, it’s just more professional. I do not subscribe to security by obscurity – sure I will reduce information returned to the user when in production – but I think you must return some sort of tangible feedback to the user or else it just looks like a bug in your code and you will always be trying to explain why to someone.
Put simply, and for ALL situations:
- Never trust data from any source.
- Assume the worst.
- Everything will fail at some point (hardware, network, users).
Do some reading: