Home > Article > Backend Development > PHP Security - Error Reporting
There are no developers who are infallible, PHP The error reporting feature will assist you in identifying and locating these errors. These detailed descriptions provided by PHP may also be seen by malicious attackers, which is not good. It is important that error messages are invisible to the public. Doing this is easy, just turn off display_errors. Of course, if you want to get error information, you can turn on the log_errors option and set the saving path of the error log file in the error_log option.
Since the level setting of error reporting can cause some errors to go undetected, you need to set error_reporting to at least E_ALL (E_ALL | E_STRICT is the highest setting, Provide backward compatibility suggestions, such as tips that are not recommended).
All error reporting levels can be modified at any level, so if you are using a shared hosting, you do not have access to php.ini, httpd.conf, or When making changes to configuration files such as .htaccess, you can run the error reporting level configuration statement in the program:
CODE:
<?php ini_set('error_reporting', E_ALL | E_STRICT); ini_set('display_errors', 'Off'); ini_set('log_errors', 'On'); ini_set('error_log', '/usr/local/apache/logs/error_log'); ?>
Tips
http://www.php.cn/ The option configuration of php.ini is explained in detail.
PHP also allows you to pass set_error_handler() Function specifies your own error handling function:
CODE:
<?php set_error_handler('my_error_handler'); ?>
The above program specifies your own error handling function my_error_handler(); Here is an example of actual use:
CODE:
<?php function my_error_handler($number, $string, $file, $line, $context) { $error = "= == == == ==\nPHP ERROR\n= == == == ==\n"; $error .= "Number: [$number]\n"; $error .= "String: [$string]\n"; $error .= "File: [$file]\n"; $error .= "Line: [$line]\n"; $error .= "Context:\n" . print_r($context, TRUE) . "\n\n"; error_log($error, 3, '/usr/local/apache/logs/error_log'); } ?>
Tips
PHP 5 also allows to set_error_handler( ) passes the second parameter to limit the error conditions under which the defined error handling function is executed. For example, now create a function to handle warning level (warning) errors:
CODE:
<?php set_error_handler('my_warning_handler', E_WARNING); ?>
The above is the content of PHP security-error report, more For more related content, please pay attention to the PHP Chinese website (www.php.cn)!