Jump to content

[SOLVED] Safe Error Reporting

Bisa

By Bisa
in PHP Coding Help

 Share

Recommended Posts

Bisa Member

Bisa

Posted
Posted

I just now picked up my own php/mysql programming again and I am currently trying to create a blogg of sorts. During my many beginner guides and tutorials I have come to be aware of the importance of security hence my question:

 

I am coding locally then uploading to a remote server for testing, this is a live environment and I wonder how to best report errors partly to my benefit when bug tracking but also to make it harder for malicious people to sabotage anything for me.

 

connect.php is the first script where I actively have started to work with the error reporting by adding trigger_error(mysql_error() . '<br />Query was:' . $con,E_USER_ERROR) as a result if the connection to the database failed.

 

Now assume that I am content with my development, all I need to do is change the error_reporting() or am I mistaken here?

 

<?php
/*
File name: connect.php
File version: 1.0
*/

//Set the default mysql socket (server/host specific)
ini_set('mysql.default_socket', '/tmp/mysql5.sock');

//Create the connection with server address, username and password
$con = mysql_connect("localhost","username","password");

//Tries to connect to the database server, if not successful terminate the script and trigger the error
if (!$con)
{
die(trigger_error(mysql_error()	. '<br />Query was:' . $con,E_USER_ERROR));
}

//Selects the database for further use
mysql_select_db("exiled_bisa", $con);
?>

Link to comment
Share on other sites
Bisa Member

Bisa

Posted
  • Author
Posted

You're not. error_reporting(0); disables all error reporting be it user defined or not.

 

So basically to make things easy for me I could simply have a script such as my header.php which is require() for all the others enable error reporting while I am developing and as soon as I am content just switch it off and enable error logging instead?

 

in that case, do I really need to go through all the extra work of adding error triggers all over the place?

I mean, if I dont add stuff like trigger_error() I will still be seeing the errors if I enable it using the error_reporting()?

 

Thnx for the help =)

Link to comment
Share on other sites
Mchl Regular Member

Mchl

Posted
Posted

o basically to make things easy for me I could simply have a script such as my header.php which is require() for all the others enable error reporting while I am developing and as soon as I am content just switch it off and enable error logging instead?

Yup. That's what I do

 

in that case, do I really need to go through all the extra work of adding error triggers all over the place?

I mean, if I dont add stuff like trigger_error() I will still be seeing the errors if I enable it using the error_reporting()?

 

Thnx for the help =)

 

trigger_error(mysql_error()); is still better than die(mysql_error);

 

In most cases I try to shut down script gracefully instead of stopping it where the error occured.

Link to comment
Share on other sites
Bisa Member

Bisa

Posted
  • Author
Posted

hmm, back to the enabling/disabling errors  :-[

 

I tried require(errors.php) with this code in it

<?php

//Live error settings
error_reporting(E_ALL);
ini_set(display_errors, '0');
ini_set(log_errors, '1');
ini_set(error_log, "/private/logs/blogproject_phperrors.log");

//Development error settings
//error_reporting(E_ALL);
//ini_set(display_errors, 1);

?>

 

browsing to errors.php now gives me 2 notices (I'm yet not really familiar with the various errors/warnings etc and thus I suppose this is a mere noob question?) any way, I do not want these notices to appear in my live environment and thus I rather find a way to solve them, is this possible?

Link to comment
Share on other sites
Bisa Member

Bisa

Posted
  • Author
Posted

While unable to find the edit button (guess I was to slow editing?), well any way, here are the 2 notices:

 

Notice: Use of undefined constant log_errors - assumed 'log_errors' in /home/exiled/www/bisa/blogproject/errors.php on line 6

 

Notice: Use of undefined constant error_log - assumed 'error_log' in /home/exiled/www/bisa/blogproject/errors.php on line 7

Link to comment
Share on other sites
Mchl Regular Member

Mchl

Posted
Posted

You forgot quotes around 'log_errors' and 'error_log' ;)

 

<?php

//Live error settings
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', "/private/logs/blogproject_phperrors.log");

//Development error settings
//error_reporting(E_ALL);
//ini_set('display_errors', 1);

?>

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.