Preventing PHP errors from displaying

When you have errors in PHP code, your page may not display, and an error message like this will appear instead:

Parse error: syntax error in location on line 4

where location is the location on the server of the file that the error occurred in. For security purposes, it's not a good thing to have these error messages appearing. When visitors see them, they get to see the path of the file on the server and the line number on which the error occurred. This is sensitive information that in the wrong hands can be exploited. You can prevent this by not having any errors appear at all.

The error_reporting() function

The error_reporting() function specifies which PHP errors are reported.

To not report any errors, call error_reporting() with the value 0. This is a good security practice.

The error_reporting() function should be the first thing in the code:

<?php
error_reporting(0); // report no errors
echo "Here is some text";
ech "Here is an error"; // deliberate error: "ech" instead of "echo"
?>

It's OK to display PHP error messages when you're debugging a page that only a few select people working on the site can see. In this case seeing that sensitive information is a good thing - it will help with the debugging.

To enable error reporting, call error_reporting() with the value E_ALL:

<?php
error_reporting(E_ALL); // report all errors
echo "Here is some text";
ech "Here is an error"; // deliberate error: "ech" instead of "echo"
?>
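
The two settings above can be combined in one entry file that picks the level per environment. This is an added example, not code from the original page; the file names front.php and page_body.php and the APP_DEBUG environment variable are assumptions, and ParseError requires PHP 7 or later.

```php
<?php
// front.php: hypothetical entry file that every request goes through.
// APP_DEBUG is an assumed environment variable, set to "1" only on the
// private copy of the site used for debugging.

function configure_error_reporting(bool $debug): void
{
    // Same two values the article uses: E_ALL while debugging, 0 otherwise.
    error_reporting($debug ? E_ALL : 0);
}

$debug = getenv('APP_DEBUG') === '1';
configure_error_reporting($debug);

// PHP compiles a whole file before it runs any of it, so a syntax error in
// this file would stop the script before the call above executes. The page
// body therefore lives in its own file, which is only parsed at this point,
// after the reporting level has been set.
try {
    require __DIR__ . '/page_body.php'; // hypothetical page file
} catch (ParseError $e) {
    if ($debug) {
        throw $e; // let PHP report file and line to the people debugging
    }
    // Record the detail server-side; tell visitors nothing about the server.
    error_log($e->getMessage() . ' in ' . $e->getFile() . ':' . $e->getLine());
    http_response_code(500);
    echo 'Something went wrong. Please try again later.';
}
```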
