[SOLVED] Safe Error Reporting

[Bisa]

I just now picked up my own php/mysql programming again and I am currently trying to create a blogg of sorts. During my many beginner guides and tutorials I have come to be aware of the importance of security hence my question:

 

I am coding locally then uploading to a remote server for testing, this is a live environment and I wonder how to best report errors partly to my benefit when bug tracking but also to make it harder for malicious people to sabotage anything for me.

 

connect.php is the first script where I actively have started to work with the error reporting by adding trigger_error(mysql_error() . '<br />Query was:' . $con,E_USER_ERROR) as a result if the connection to the database failed.

 

Now assume that I am content with my development, all I need to do is change the error_reporting() or am I mistaken here?

 

<?php
/*
File name: connect.php
File version: 1.0
*/

//Set the default mysql socket (server/host specific)
ini_set('mysql.default_socket', '/tmp/mysql5.sock');

//Create the connection with server address, username and password
$con = mysql_connect("localhost","username","password");

//Tries to connect to the database server, if not successful terminate the script and trigger the error
if (!$con)
{
die(trigger_error(mysql_error()	. '<br />Query was:' . $con,E_USER_ERROR));
}

//Selects the database for further use
mysql_select_db("exiled_bisa", $con);
?>

[Mchl]

You're not. error_reporting(0); disables all error reporting be it user defined or not.

[Bisa]

You're not. error_reporting(0); disables all error reporting be it user defined or not.

 

So basically to make things easy for me I could simply have a script such as my header.php which is require() for all the others enable error reporting while I am developing and as soon as I am content just switch it off and enable error logging instead?

 

in that case, do I really need to go through all the extra work of adding error triggers all over the place?

I mean, if I dont add stuff like trigger_error() I will still be seeing the errors if I enable it using the error_reporting()?

 

Thnx for the help =)

[PFMaBiSmAd]

Setting error_reporting(0) will also disable error logging of your trigger_error() errors.

 

On a live server error_reporting should be set to as least E_ALL, but display_errors should be set off. On a development system, set error_reporting to E_ALL and display_errors on.

[Bisa]

Thnx a lot, I suppose I'll be ok from now on when it comes to errors 

[Mchl]

o basically to make things easy for me I could simply have a script such as my header.php which is require() for all the others enable error reporting while I am developing and as soon as I am content just switch it off and enable error logging instead?

Yup. That's what I do

 

in that case, do I really need to go through all the extra work of adding error triggers all over the place?

I mean, if I dont add stuff like trigger_error() I will still be seeing the errors if I enable it using the error_reporting()?

 

Thnx for the help =)

 

trigger_error(mysql_error()); is still better than die(mysql_error);

 

In most cases I try to shut down script gracefully instead of stopping it where the error occured.

[Bisa]

hmm, back to the enabling/disabling errors 

 

I tried require(errors.php) with this code in it

<?php

//Live error settings
error_reporting(E_ALL);
ini_set(display_errors, '0');
ini_set(log_errors, '1');
ini_set(error_log, "/private/logs/blogproject_phperrors.log");

//Development error settings
//error_reporting(E_ALL);
//ini_set(display_errors, 1);

?>

 

browsing to errors.php now gives me 2 notices (I'm yet not really familiar with the various errors/warnings etc and thus I suppose this is a mere noob question?) any way, I do not want these notices to appear in my live environment and thus I rather find a way to solve them, is this possible?

[Bisa]

While unable to find the edit button (guess I was to slow editing?), well any way, here are the 2 notices:

 

Notice: Use of undefined constant log_errors - assumed 'log_errors' in /home/exiled/www/bisa/blogproject/errors.php on line 6

 

Notice: Use of undefined constant error_log - assumed 'error_log' in /home/exiled/www/bisa/blogproject/errors.php on line 7

[Mchl]

You forgot quotes around 'log_errors' and 'error_log'

 

<?php

//Live error settings
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', "/private/logs/blogproject_phperrors.log");

//Development error settings
//error_reporting(E_ALL);
//ini_set('display_errors', 1);

?>

[Bisa]

aw man, noob question indeed  :-X

 

any way, thnx for helping me out, much appreciated