display_errors config not under control

[onefootswill]

Hi There,

 

I have been trying to get on top of having control of error display. Obviously, this is something all php programmers need to understand very well.

 

When I attempt to change the display_errors configuration to display_errors = "STDOUT" , even after I restart the Apache server, when I load info.php, it still indicates that display_errors = on.

 

Am I missing something?

 

I am using php 5.2.5 with Apache2.2.6 on XP.

 

Thanks

 

[PFMaBiSmAd]

From the documentation in the php.ini file -

 

; stderr      - Display errors to STDERR (affects only CGI/CLI binaries!) 

; 

; To output errors to STDERR with CGI/CLI:             

;display_errors = "stderr"

 

stderr only works when php is installed as a CGI wrapper or for the Command Line Interpreter.

[onefootswill]

Thanks for that.

 

Does that mean the appropriate error configuration is error_reporting and not display_errors?

[PFMaBiSmAd]

What are you trying to do?

 

error_reporting sets what type of errors are reported (logged or displayed). display_errors just causes those things set by the error_reporting level to be displayed.

[onefootswill]

At this stage, all I am trying to do is get an understanding of how to control the display of errors. Great for debugging. Not so great in a production environment.

 

As I understand it, if your code has error_reporting(0); , then nothing gets shown and no information will be displayed on your page (for unscrupulous people to take advantage of). i.e. no security issues.

 

If that is all I really need to know, then I guess I am good to go. Does that sound correct? Or is there more to it.

 

Cheers

[PFMaBiSmAd]

Don't set error_reporting(0). That will prevent even logging of errors. So, if your code has an intermittent problem with a database, with unexpected data values that generate errors/warnings/notices, hacking attempts that attempt to trigger errors... you will not have any information about what is going on.

 

Do set display_errors off globally either using the master php.ini (when you have access to it), in a .htaccess file (when php is running as an Apache module), or in a local php.ini (when php is running as a GCI wrapper.) If you put the setting in your code files, when you need to change it for debugging purposes, you have to go through the necessary files, find the line, change it, remember which files you changed it in, and remember to change it back.

 

Well written and well tested code does not generate errors/warnings/notices as it executes. You should only expect warnings/notices for uncaught exceptions and unexpected conditions. It is these unexpected conditions that you want display_errors set to off for on a live server.

[onefootswill]

OK. Thanks. That all makes sense.