chaiwei Posted November 25, 2009 Share Posted November 25, 2009 Hi, I am confusing with "require" and "include" in php I know that "require" will become syntax error if the file was not found. "include" will give us an warning. But in practice, normally we don't want to let user saw the error, so we are turn off the error reporting, So we should not use "require" in production? Am I right? Quote Link to comment Share on other sites More sharing options...
Goldeneye Posted November 25, 2009 Share Posted November 25, 2009 Well, using require() for a file that the script can't find will simply exit the script-execution because by using require(), you're telling PHP that the file is required for the script to execute properly. If you just include() a file that the script can't find, PHP will still attempt to execute the rest of the script. Quote Link to comment Share on other sites More sharing options...
chaiwei Posted November 25, 2009 Author Share Posted November 25, 2009 So I shouldn't use require in production site right? Instead of exit the script I should told the viewer page not found something like that and provide the back button? Quote Link to comment Share on other sites More sharing options...
Goldeneye Posted November 25, 2009 Share Posted November 25, 2009 It's not that require() isn't for production-servers. Require() can be used for production servers. Use require if the file your requiring is absolutely crucial for the script (that you're using require() in) to execute correctly like a set of PHP-functions. In some cases, using include() isn't always the best choice. If you try to include a file (which the script can't find) that is crucial for the script you're including it into, to properly execute, it could end up creating security vulneralbilities. Quote Link to comment Share on other sites More sharing options...
mikesta707 Posted November 25, 2009 Share Posted November 25, 2009 Its not about not showing the user any errors, its about catching errors, and trying to code your script to handle errors elegantly. To a hacker, error messages can give them clues to vulnerabilities in your server, so you definitely want to never display errors (for the most part) but to a normal user, a cryptic error message means the same thing as a page that you just let error our (and become blank, or break the page). They will get confused and probably leave. Consider Facebook, when something goes wrong, they have a user friendly message that states that something went wrong. and tells them to try to reload the page. Just a simple explanation and some advice can mean the different between users staying at your site. Another thing, error reporting, and displaying errors are different. You DONT want to display errors (IE in the browser) how ever, you still want to keep error reporting on, and have them go to a log or something so you can check them (they can also help you pinpoint vulnerabilities and hack attempts) Quote Link to comment Share on other sites More sharing options...
chaiwei Posted November 25, 2009 Author Share Posted November 25, 2009 I see, But how can I stored the PHP warning inside a log file? using ob_start and ob_get_contents ? but if syntax error, It still terminate the script, and can't stored in a log file? Am I right? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.