Displaying Errors to the Browser - PHP

Enabling thedisplay_errorsdirective results in the display of any errors meeting the criteria defined byerror_reporting. You should have this directive enabled only during testing and keep it disabled when the site is live. The display of such messages not only is likely to further confuse the end user but could also provide more information about your application/server than you might like to make available. For example, suppose you are using a flat file to store newsletter subscriber e-mail addresses. Due to a permissions misconfiguration, the application could not write to the file. Yet rather than catch the error and offer a user-friendly response, you instead opt to allow PHP to report the matter to the end user. The displayed error would look something like this:

--------------------------------------------

Warning: fopen(subscribers.txt): failed to open stream: Permission denied in
/home/www/htdocs/ 8/displayerrors.php on line 3

--------------------------------------------

Granted, you’ve already broken a cardinal rule by placing a sensitive file within the document root tree, but now you’ve greatly exacerbated the problem by informing the user of the exact location and name of the file. The user can then simply enter a URL similar tohttp://www.example.com/subscribers.txtand proceed to do what he will with your soon-to-be furious subscriber base.

Displaying Startup Errors

Enabling thedisplay_startup_errorsdirective will display any errors encountered during the initialization of the PHP engine. Likedisplay_errors, you should have this directive enabled during testing and disabled when the site is live.

Logging Errors

Errors should be logged in every instance because such records provide the most valuable means for determining problems specific to your application and the PHP engine. Therefore, you should keeplog_errorsenabled at all times. Exactly to where these log statements are recorded depends on theerror_logdirective.

Identifying the Log File

Errors can be sent to the system syslog or can be sent to a file specified by the administrator via theerror_logdirective. If this directive is set to syslog, error statements will be sent to the syslog on Linux or to the event log on Windows.

If you’re unfamiliar with the syslog, it’s a Linux-based logging facility that offers an API for logging messages pertinent to system and application execution. The Windows event log is essentially the equivalent of the Linux syslog. These logs are commonly viewed using the Event Viewer.

Setting the Maximum Log Line Length

Thelog_errors_max_lendirective sets the maximum length, in bytes, of each logged item. The default is 1,024 bytes. Setting this directive to 0 means that no maximum length is imposed.

Ignoring Repeated Errors

Enablingignore_repeated_errorscauses PHP to disregard repeated error messages that occur within the same file and on the same line.

Ignoring Errors Originating from the Same Location

Enablingignore_repeated_sourcecauses PHP to disregard repeated error messages emanating from different files or different lines within the same file.

Storing Most Recent Error in a Variable

Enablingtrack_errorscauses PHP to store the most recent error message in the variable$php_errormsg. Once registered, you can do as you please with the variable data, including output it, save it to a database, or do any other task suiting a variable.