On the fly error reporting in PHP - php

When our site used to be on IIS hosting with PHP installed, I had error reporting set to E_NONE and was able to turn it on temporarily by using:
ini_set('display_errors', 1);
That command seems to no longer work now that we are on Linux/Apache hosting. I have tried purposely sending bad commands to the server and I get no errors reported.
What am I doing wrong? Is there any other way to temporarily turn on error reporting without having to edit the php.ini each time?

You can change error reporting to E_ALL using the following line:
error_reporting(E_ALL);
Try adding that to the file.

The best way to turn on all errors is:
error_reporting( -1 );
This is better than E_ALL, as E_ALL doesn't actually mean all errors in all versions of PHP (it only does in the most recent). -1 is the only way to ensure it's on in all cases.

I just had to do this in one of my scripts. DOMDocument warnings were killing my logs. So, here's what you do:
// First, grab a copy of the current error_reporting level
// while setting the new level, I set it to zero because I wanted
// it off - but you could easily turn it on here
$erlevel = error_reporting(0);
// Then, do stuff that generates errors/warnings
// Finally, set the reporting level to it's previous value
error_reporting($erlevel);

Related

Can't change display_errors value

I can't turn off display errors for my website. I use ISP Manager control panel. It is Off in all php.ini files and settings. But still warnings and notices are showing. Even using ini_set() right in the script doesn't work. Can you help me with this?
<?php
ini_set('display_errors', 0);
phpinfo(); // display_errors is still On On
ini_get('display_errors'); // returns 'stderr'
If I understood correctly, something like:
var_dump(ini_set('display_errors', 0));
… produces:
bool(false)
I can think of two ways to intentionally prevent display_errors from being changed:
Disabling ini_set() altogether in system-wide INI file, which produces different symptoms:
Warning: ini_set() has been disabled for security reasons
NULL
This can be checked anyway:
var_dump(ini_get('disable_functions'));
Hard-coding display_errors in Apache settings using php_admin_flag, which only applies if PHP runs as Apache module but effectively produces a boolean false.
I believe we're in #2. You may want to check whether PHP runs as Apache module; I'm not aware though of any way to verify by yourself if php_admin_flag is being used. If that's the case, I reckon you're out of luck:
php_admin_flag name on|off
Used to set a boolean configuration directive. This can not be used in
.htaccess files. Any directive type set with php_admin_flag can
not be overridden by .htaccess or ini_set().
If you're in control of Apache settings this is something you can easily fix. Otherwise, I suggest you ask hosting support about this. IMHO, it isn't reasonable to enable display_errors in a production server, let alone force it:
; This directive controls whether or not and where PHP will output errors,
; notices and warnings too. Error output is very useful during development, but
; it could be very dangerous in production environments. Depending on the code
; which is triggering the error, sensitive information could potentially leak
; out of your application such as database usernames and passwords or worse.
; For production environments, we recommend logging errors rather than
; sending them to STDOUT.
; Possible Values:
; Off = Do not display any errors
; stderr = Display errors to STDERR (affects only CGI/CLI binaries!)
; On or stdout = Display errors to STDOUT
; Default Value: On
; Development Value: On
; Production Value: Off
; http://php.net/display-errors
Overview
There are a few different types of error reporting function in PHP. Luckily we have a decent explanation of these in the PHP docs here.
I typically use the three in the examples below. Let's walk through those.
Breakdown Docs
This function sets the error reporting level.
error_reporting()
The error_reporting() function sets the error_reporting directive at
runtime. PHP has many levels of errors, using this function sets that
level for the duration (runtime) of your script. If the optional level
is not set, error_reporting() will just return the current error
reporting level.
This first function takes a parameter of an integer or a named constant. The named constant is recommended in case future version of PHP release new error levels. That way you will always know what to expect after upgrading to a newer version of PHP.
This next mode decides if errors will be printed to the screen or not.
ini_set('display_errors', 1)
This determines whether errors should be printed to the screen as part
of the output or if they should be hidden from the user.
The last one handles errors that happen during PHP's startup sequence. When you turn display_errors on it does not handle errors that occur in the startup sequence. This is partially the reason why a lot of times people do not understand why they are not seeing errors even though they have turned error reporting on.
Even when display_errors is on, errors that occur during PHP's startup
sequence are not displayed. It's strongly recommended to keep
display_startup_errors off, except for debugging.
This will tell the app to log errors to the server.
ini_set('log_errors', 1);
Tells whether script error messages should be logged to the server's
error log or error_log. This option is thus server-specific.
Example
To turn off error reporting in a file try this,
ini_set('display_errors', 0);
ini_set('display_startup_errors', 0);
error_reporting(0);
To turn on error reporting in a file try this,
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
Answer
If you want to log errors but do not want them to show up on the screen then you would need to do this,
ini_set('display_errors', 0);
ini_set('display_startup_errors', 0);
error_reporting(E_ALL);
Or try,
ini_set('display_errors', 0);
ini_set('display_startup_errors', 0);
ini_set("log_errors", 1);
error_reporting(E_ALL);

What's the purpose of ini_set() in php? (especially for error reporting)

Ok so PHP has the function ini_set() which a lot of people are aware of and will use to set various configuration options (here) to help with development etc. However, this function does only seem to work at runtime and will not work if there are any fatal errors or the script has syntax errors and can't be parsed / compiled.
Therefore surely there is no point of doing this (from the manual):
http://php.net/manual/en/function.ini-set.php
Examples
Example #1 Setting an ini option
<?php
echo ini_get('display_errors');
if (!ini_get('display_errors')) {
ini_set('display_errors', '1');
}
echo ini_get('display_errors');
?>
I don't know if I'm just missing something and my php.ini isn't configured correctly, but a lot of the time I get no errors. For beginners / juniors there will no doubt be a lot of syntax errors (missing semi-colons, closing brackets etc), and said juniors would search for how to turn on errors, assume the above manual entry is correct, yet when re-running their script, alas, they get no errors as the script cannot be parsed / compiled in the first place.
I know you can set display_errors = On in the php.ini file and restart your web server to show all errors to the screen (using this in a development environment, definitely not live), but wouldn't it be better just to remove the function and only configure the php.ini file for different error levels?
Update:
I know ini_set isn't just for displaying errors, but code can't be very manageable if you're calling ini_set in certain scripts / functions / files and wouldn't it make more sense to use the php.ini for something like that?
Update
So the ini file can be used to set global configuration options, surely you'd use this for security or optimisation, however developers could still use ini_set to override some of these options at runtime which may not be desirable
In summary (#Hanky웃Panky):
Why do I have the option of displaying errors when some trivial syntax errors will still not display?
yes, you are right that its better just to remove the function and only configure the php.ini file for different error levels.
But, this is good only that case when you have only one project in your machine, So, its all configuration setting you can do in php.ini
Consider, the case if you have multiple project setup. if you don't want some settings in that project still it will get from php.ini
So, it is suggested for some configuration settings you just set them at project level with ini_set() and will not reflect other projects.
string ini_set ( string $varname , string $newvalue );
The Purpose of ini_set is to set the value of the given configuration option.
This newvalue is kept by the configuration option during the script execution and restored at the scripts ending.
Example for setting an ini option
<?php
echo ini_get('display_errors');
if (!ini_get('display_errors')) {
ini_set('display_errors', '1');
}
echo ini_get('display_errors');
?>
string ini_set ( string $varname , string $newvalue )
Basically ini_set() sets the value of the given configuration option. The configuration option will keep this new value during the script's execution, and will be restored at the script's ending.
for all the variables which you can configure during the script run. please go through the below link.
Another settings can be configured at runtime using the the ini_set() function:
memory_limit and max_execution_time
(From ZCE test part about PHP Basics).
ini_set — Sets the value of a configuration option. Sets the value of the given configuration option. The configuration option will keep this new value during the script's execution, and will be restored at the script's ending, without ini_set(), values from php.ini file will be used.
EDIT:
You may find this helpful:
// Turn off all error reporting
error_reporting(0);
// Report simple running errors
error_reporting(E_ERROR | E_WARNING | E_PARSE);
// Reporting E_NOTICE can be good too (to report uninitialized
// variables or catch variable name misspellings ...)
error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE);
// Report all errors except E_NOTICE
error_reporting(E_ALL & ~E_NOTICE);
// Report all PHP errors (see changelog)
error_reporting(E_ALL);
// Report all PHP errors
error_reporting(-1);
// Same as error_reporting(E_ALL);
ini_set('error_reporting', E_ALL);

Is there a way that I enforce that PHP reports error if I use an uninitialized/undefined variable?

I made a huge mistake by mixing result with results and it took me around 4 hours to finally find the bug.
So here is the question, in PHP, is it possible that I can enforce PHP to report errors if I use an undefined/uninitialized variable.
thank you
Set error reporting to E_ALL and ensure that display_errors in php.ini is on.
php.ini
display_errors = On
PHP code
// If you cannot access the php.ini file
// you can do this within your PHP code instead
#ini_set('display_errors' '1');
error_reporting(E_ALL);
The default setting you have right now probably excludes notices, the kind of errors PHP raises on uninitialized variables, which could be something like this:
error_reporting(E_ALL & ~E_NOTICE);
In a development environment I prefer using error_reporting(-1). Which reports all PHP errors.
yes, use error_reporting() and set it to E_ALL, like this:
error_reporting(E_ALL);
Set error reporting to report all errors. Either in php.ini or at runtime using error_reporting(E_ALL)
it already does report an error. something like this:
"Notice: Undefined variable: a in C:\wamp\www\testcenter\index.PHP on line 40"
maybe you didn't go specific enough. but you should try error_reporting(-1); as as if enforces the php to show some recomendations. a piece from the php manual about E_STRICT errors:
Enable to have PHP suggest changes to your code which will ensure the best interoperability and forward compatibility of your code.
just remember that error_reporting(-1); shows more errors than error_reporting(E_ALL); because E_STRICT errors are not included in the E_ALL constraint.

Suppressing errors beyond setting ERROR_REPORTING ( display_errors perhaps? )

Let's say I'm basically inheriting a live site that has a lot of errors in production, I'm basically doing a recode of this entire site which might take a month or so.
There are some cases in which this site was reliant upon external xml file feeds which are no longer there, but the code wasn't properly setup to supply a nice clean error message ( there are various similar circumstances ) - the client is requesting that at least these error messages go away even if for example the content from the xml file isn't published so we wouldn't be seeing php errors and a blank region on the page ( so the rest of the page can look "fine" ).
At one point I have heard of someone using set_error_handler to nullify some cases where it isn't extreme and I had the idea of setting it up to store error messages in a file/log or email them ( and try to not have duplicate error messages ) basically so end users don't have to see those ugly things.
I'm looking for tips from anyone who's actually done this, so thanks in advance.
On your production server, you should have the following ini settings:
ini_set('error_reporting', E_ALL | E_STRICT);
ini_set('log_errors', true);
ini_set('error_log', '/tmp/php_errors.log'); // or whatever file is appropriate
ini_set('display_errors', false);
By turning off display_errors, your users will never see another error message, but you will be able to see error messages by looking in the log file.
When the re-code is finished, there should be no more errors going into the log file (because you've fixed them all).
Edit: Some developers set error_reporting to E_ALL ^ E_NOTICE as a way of hiding errors. This is bad practice because it hides messages about possible programming errors. You should only use E_ALL ^ E_NOTICE when there are so many Notices coming from legacy code that you are unable to fix them all.
When in development, it is good to use
error_reporting(E_ALL);
ini_set('display_errors', 'On');
So you can see errors immediatly : it helps correcting them.
When on the production server, you don't want error displayed, so :
ini_set('display_errors', 'Off');
error_reporting can remain activated : if display_errors is Off, errors won't be displayed anyway -- but you can still have them logged to a file.
BTW, those can be set in the php.ini file, of course :
error_reporting
display_errors
On the production machine, you might want to use log_errors and error_log, so errors are logged to a file (which means you will be able to know what errors occured -- can be useful, sometimes) ; of course, don't forget to check that file from time to time ;-).
As a sidenote, if you just have a couple functions/methods you don't want to display errors, you could envisage using the # operator to just mask the errors those might trigger...
... But I strongly advise against it (except in very specific cases) : it make debugging lots harder : errors triggered there are never displayed, not even on your development machine !
In my opinion, it is way better to just disable display_errors on the production machine ; it also means no error will be displayed at all, which is better for users!

Best way to suppress php errors on production servers

What is the best method of hiding php errors from being displayed on the browser?
Would it be to use the following:
ini_set("display_errors", 1);
Any best practice tips would be appreciated as well!
I am logging the errors, I just want to make sure that setting the display_errors value to off (or 0) will not prevent errors from being logged.
The best way is to log your errors instead of displaying or ignoring them.
This example will log the errors to syslog instead of displaying them in the browser.
ini_set("display_errors", 0);
ini_set("log_errors", 1);
//Define where do you want the log to go, syslog or a file of your liking with
ini_set("error_log", "syslog"); // or ini_set("error_log", "/path/to/syslog/file");
Assuming you are in control of the php.ini file, you can make these changes globally inside that file instead of having the ini_set code laying around in all your php files (which you might forget to put in one of your files one day, which could be bad in production).
You can also use apache .htaccess to log errors without touching your code:
<IfModule mod_php5.c>
php_flag display_errors Off
php_flag log_errors On
php_value error_log logs/errors
</IfModule>
set an environment variable on your development machine. then you can check your environment in the beginning of your code to make sure you are on the development environment.
then you can set the error reporting level of PHP, by using the error_reporting() function.
if ( isset($_ENV['MY_APP_MODE']) && ($_ENV['MY_APP_MODE'] == 'devel') ) {
error_reporting(E_ALL);
} else {
error_reporting(0);
}
The accepted answer did not work at all for me on PHP 7.1.
This works as expected on production, logging errors to the supplied file and not displaying them to the user:
ini_set('display_errors', 'Off');
ini_set('log_errors', 'On');
ini_set("error_log", "/absolute/path/to/my/error_log");
The PHP distribution files unfortunately sends a mixed message about handling error messages. The default php.ini file has some settings suitable for production servers and others better for development servers. You should turn all errors on in dev (error_reporting = E_ALL and display_errors = On), and off in prod (display_errors = off but point log_errors somewhere). However, do your best to make sure there are no errors (or they're handled).
The best way? Fix the errors!
If you need a quick temporary solution then it's OK to turn display_errors off, but make sure you're logging them somewhere, because that setting will make serious/parse errors silent otherwise.

Categories