I've seen a few methods for hiding php errors using php.ini or by adding php_flag display_errors off to .htaccess, but I'm wondering if there's a way to make it so only I can see php errors (useful for debugging obviously), but anyone else will be redirected to some boilerplate error page. I have a few scripts on my site that use my forum to authenticate me as an admin and kick everyone else out, so maybe it's possible using the same method?
If this isn't possible, I guess I'll go with the .htaccess method since I don't have access to php.ini. Is adding php_flag display_errors off to .htaccess a good way to go for this?
Thanks!
While displaying errors on screen is great for development (as you see them right away), they should not be enabled for production servers because you may accidentally expose sensitive information (e.g., database passwords) to unauthorized users.
The useful INI options are:
ini_set('error_reporting', E_ALL & ~E_NOTICE);
ini_set('error_log', '/path/to/my/php.log');
ini_set('log_errors', 'On'); // log to file (yes)
ini_set('display_errors', 'Off'); // log to screen (no)
With that, all errors will be logged to the specified file. No errors will be seen on the screen.
Make sure the web server user is able to write to that file. You may have to create it and chmod / chown it accordingly before running your script.
On private development servers, you could disable the log file and display directly to screen. When developing, I would also get in the habit of displaying E_NOTICE errors as well. (Just use E_ALL as the value.) And if your scripts are well written, you can then continue to log them while in production too. An E_NOTICE is good for catching typos in variable names or array indices.
Note that all of those options can also be set in the php.ini or .htaccess files. But if you use .htaccess you cannot use the E_* constants; instead, you must hardcode the integer representation. (i.e., In a .htaccess file, you use whatever the results of <?php echo E_ALL ?> show as the value, or whatever you wish to log.)
In fact, I would recommend setting them in the php.ini if at all possible. Otherwise, if there's a script parsing error (or the ini_set gets skipped for some reason), you may not get the errors logging properly, etc.
On a Linux box you can always do a tail -f /path/to/my/php.log from a shell to monitor the log in realtime.
Although I agree with konforce, this is possible by setting the error reporting at runtime with the error_reporting() function. If you insist on doing that, put it in the same block of code that you mentioned for determining you are the admin, so that you don't have the decision made in different places.
Since your code already knows you are an admin you can use a logic like this:
if (isset($_SESSION['isadmin']) && $_SESSION['isadmin'] == 1) {
    ini_set('display_errors', 1);
    ini_set('log_errors', 1);
}
The admins will see errors but the other users will not see the errors.
You can check against the user's IP, and if it matches yours, you can show errors.
Something like this:
if ($_SERVER['REMOTE_ADDR'] == 'your.ip.address') {
    error_reporting(E_ALL);
} else {
    error_reporting(0);
}
If you don't know your external IP, just google "what is my ip" or similar.
Best-case scenario is obviously having a dev server.
If you have a user system, set up the code so it recognizes you when you log in, and shows errors. So, it will only show errors when it's you who is logged in.
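An added example (not part of any of the posts above) of the admin-only display the question asks about: every error is logged, ordinary visitors get a generic message with a reference code, and only a session flagged as admin sees the details. It assumes the site's login code sets $_SESSION['isadmin'] to 1, as in the answer above; render_failure() and the reference format are illustrative names.

```php
<?php
// Assumption: the site's own login code sets $_SESSION['isadmin'] = 1 for the admin.
ini_set('display_errors', '0');   // PHP itself never prints errors
ini_set('log_errors', '1');       // everything still reaches the error log
error_reporting(E_ALL);

if (PHP_SAPI !== 'cli') {
    session_start();
}
$isAdmin = (int) ($_SESSION['isadmin'] ?? 0) === 1;

function render_failure(Throwable $e, bool $isAdmin): void
{
    $ref = bin2hex(random_bytes(4));   // short reference to match a report to a log line
    error_log(sprintf('[ref %s] %s: %s in %s:%d',
        $ref, get_class($e), $e->getMessage(), $e->getFile(), $e->getLine()));
    if (!headers_sent()) {
        http_response_code(500);
    }
    if ($isAdmin) {
        // Escape the output: error text can contain request data.
        echo '<pre>', htmlspecialchars((string) $e, ENT_QUOTES, 'UTF-8'), '</pre>';
    } else {
        echo "Sorry, something went wrong (reference $ref).";
    }
}

// Warnings and notices become exceptions, so one handler decides what is shown.
set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
    if (!(error_reporting() & $severity)) {
        return false;   // masked by error_reporting or @: leave it to PHP
    }
    throw new ErrorException($message, 0, $severity, $file, $line);
});

set_exception_handler(function (Throwable $e) use ($isAdmin): void {
    render_failure($e, $isAdmin);
});

// Fatal errors skip both handlers above, so check for one at shutdown.
register_shutdown_function(function () use ($isAdmin): void {
    $err = error_get_last();
    $fatal = E_ERROR | E_PARSE | E_CORE_ERROR | E_COMPILE_ERROR;
    if ($err !== null && ($err['type'] & $fatal)) {
        render_failure(new ErrorException($err['message'], 0, $err['type'],
            $err['file'], $err['line']), $isAdmin);
    }
});
```

Keep display_errors off in php.ini or .htaccess as well: a parse error in the file that installs these handlers happens before they exist, so only the server-level setting covers it.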
I have been trying for three days now to enable error reporting in PHP. I have gotten by for a while using the ini_set('display errors' 1); function until I tried to connect to a DB; it didn't work. Now, I have enabled error_reporting, display_startup_errors, log_errors without any effect on error reporting. I have changed all five config files (the development ini, production ini, the php.ini file(s) located in php/7.0/cli, php/7.0/fpm, and even the one in apache2 (even though I am running nginx)
I am beginning to doubt my own abilities, any assistance is greatly appreciated.
EDIT: I have used the ini_set function described above in my files, and it worked up until I tried to connect to a DB. I have confirmed that I've enabled error reporting for the php.ini file described in the phpinfo() function directory path. No effect whatsoever.
Because no one particularly gave away the answer, I will just have to post it myself.
I found the error.log file (which indeed is logging all errors on my Nginx server) in this directory: /var/log/nginx/error.log
Hopefully this may help others using Nginx as well, but I still do not understand why the **** the errors aren't showing up in the browser. I think it is Nginx's nature to make everything quite complicated.
Perhaps I should develop using Apache and then port it into Nginx when I have more experience -- just some thoughts for others who are getting into this as well.
I just wanted to give an update on this: Since upgrading from PHP 7.0.2 <= 7.0.3, I am now able to see the errors that should have been displayed.
EDIT: Don't delete the contents of that log file, it will screw the whole error reporting. I'm back to nothing now.
Error Reporting Itself
ini_set('display_errors', 1); or display_errors
Simply allows PHP to output errors - useful for debugging, highly recommended to disable for production environments. It often contains information you'd never want users to see.
error_reporting(E_ALL); or error_reporting
Simply sets exactly which errors are shown.
Setting one or the other will not guarantee that errors will be displayed. You must set both to actually see errors on your screen.
As for setting this up permanently inside your PHP config, the default for error_reporting is E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED. That said, this variable should not need changed. See here:
http://php.net/manual/en/errorfunc.configuration.php#ini.error-reporting
As for displaying errors, see here:
http://php.net/manual/en/errorfunc.configuration.php#ini.display-errors
Set the config value of "display_errors" to either stderr or stdout, depending on your need.
Just change these variables inside of your php.ini file and you'll be golden. Make absolutely sure both display_errors and error_reporting are set to a satisfactory value. Just setting error_reporting will not guarantee that you see the errors you're looking for!
Error Reporting Works Everywhere Except When Connecting To My DB!
If you see errors everywhere you need to except in the Database Connection, you just need to do some error catching. If it's PDO, do something like this:
try {
    $this->DBH->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
    $this->DBH->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $STH = $this->DBH->prepare("INSERT INTO `" . $this->table . "` ($fs) value ($ins) $up");
    $STH->execute($data);
    $id = $this->DBH->lastInsertId();
    $this->closeDb();
    return $id;
} catch(PDOException $e) {
    echo $e->getMessage();
}
Just a snippet from my framework. Of course you'll have to change it to your liking, but you should be able to get the general idea there. The key is this part here:
try {
    //DB Stuff
} catch(PDOException $e) {
    echo $e->getMessage();
}
I Still Don't See The Error
If you've done both of what I've listed here and still have trouble, your problem has nothing to do with enabling error reporting. The code provided will show you the error with a Database Connection itself, and inside of PHP code. You must have a completely different issue if this has not shown you an error you're chasing.
You'll likely need to be a bit more descriptive on exactly what you're chasing, and what you're expecting to see.
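An added example (not the answerer's framework code) of the same try/catch pattern for a site that is publicly reachable: the driver's message goes to the error log and the page prints only a generic line. The products table, insert_product() and the in-memory SQLite database are constructed for the demo and need the pdo_sqlite extension.

```php
<?php
// Assumptions: table name, function name and the SQLite DSN are constructed for this demo.
function insert_product(PDO $dbh, string $name): ?int
{
    try {
        // Placeholders keep the data out of the SQL text.
        $sth = $dbh->prepare('INSERT INTO products (name) VALUES (:name)');
        $sth->execute([':name' => $name]);
        return (int) $dbh->lastInsertId();
    } catch (PDOException $e) {
        // SQLSTATE and driver message go to the log only.
        error_log(sprintf('DB insert failed [%s]: %s', $e->getCode(), $e->getMessage()));
        return null;   // the caller shows a generic message
    }
}

try {
    // A failed connection throws PDOException whatever ATTR_ERRMODE is set to.
    $dbh = new PDO('sqlite::memory:', null, null, [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,  // later failures throw too
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
} catch (PDOException $e) {
    error_log('DB connect failed: ' . $e->getMessage());
    exit("Service temporarily unavailable.\n");
}

$dbh->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE)');

// Constructed input: the second insert violates the UNIQUE constraint.
foreach (['widget', 'widget'] as $name) {
    $id = insert_product($dbh, $name);
    echo $id === null ? "Could not save the product.\n" : "Saved as #$id\n";
}
```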
Try:
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
Perhaps it will help you.
Change the values of the parameters in the file /etc/php/7.0/fpm/pool.d/www.conf (for example, the value of display_errors is disabled by default).
I have recently changed hosts. On my old host, if I had an error in my syntax, the error would be displayed (showing me where the error was).
On my new host I do not see this, I just see
The website encountered an error while retrieving http://www.XXX.co.uk/delete_product.php?q=66550. It may be down for maintenance or configured incorrectly.
Is there any way I can show the error instead of this?
Turn on error reporting.
Include these lines at the top of your script:
ini_set('display_errors',1);
error_reporting(E_ALL);
If you have access to edit the php.ini file, you can edit it and include the following option:
error_reporting = E_ALL
These settings will help you troubleshoot code faster and make it easy to identify errors. However, they are not appropriate for production-level use. You should use the first method and then you can remove the lines once you've fixed the issues. On local development environments, it's okay to edit the php.ini file and add the directive as mentioned above.
On production systems, do not use ini_set('display_errors', 1); as it can show information you might want to keep hidden. Use the server's logs instead. By default apache for example logs these errors in error_log.
And, anything that is open to the general internet public is considered "production" in my opinion. Development means it is a server sitting in your own local network.
Turning on error reporting would work, but perhaps it would be better to look into the server logs.
I'm developing a JSON integrated web application, which is really irritating to debug on client-side when I'm getting some (some intended) PHP errors on the serverside of the (through ajax) page request. For debugging purposes I would like to disable all my debugging of PHP and DB related errors for only this specific page / view / controller.
I've already tried placing the following in the top of my controller, which should be working according to some articles I found on the interwebs:
function index() {
ini_set('display_errors', 0);
$this->config->set_item('log_threshold', 0);
Though, this still gives me the darn errors.
I know it sounds silly that I would require the errors to be disabled, but... just trust me on this one.
Have you changed ENVIRONMENT constant to 'production' in index.php?
It will turn off all errors
In production environments, it is typically desirable to disable PHP's
error reporting by setting the internal error_reporting flag to a
value of 0. This disables native PHP errors from being rendered as
output, which may potentially contain sensitive information.
Setting CodeIgniter's ENVIRONMENT constant in index.php to a value of
'production' will turn off these errors. In development mode, it is
recommended that a value of 'development' is used. More information
about differentiating between environments can be found on the
Handling Environments page.
If it won't help - try to update CodeIgniter.
By the way, this
$this->config->set_item('log_threshold', 0);
is just file logging.
If you need to turn off only on one page try this one
ini_set('display_errors', 'Off');
error_reporting(0);
define('MP_DB_DEBUG', false);
I would like to log PHP errors on a CakePHP site that has debug = 0. However, even if I turn on the error log, like this:
error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED
log_errors = On
it doesn't log errors.
The problem is that even for a parse error that should cause the CakePHP environment to not load completely (I think), it still blocks the error from being logged. If I set debug to 3, it logs to the file without issue.
I am using CakePHP 1.2. I know this is apparently made easier in 1.3, but I'm not ready to upgrade.
Another way to keep track of and log errors would be to use the Referee plugin as it provides a way to arbitrarily log and catch all (including fatal) errors that occur during execution.
define('LOG_ERROR', 2); in core.php
PHP should log errors to its own logfile, regardless of what CakePhp is doing.
Look in /etc/php.ini file (or wherever yours lives) and search for error_log. This will show you where the PHP log resides on your system.
There is a bug in CakePHP 1.2-1.3 where PHP errors/warnings are suppressed in view code when debugging is disabled.
In the file cake/libs/view/view.php on line #664 it reads
@include ($___viewFn);
But the @ directive suppresses errors for the entire view handler. Instead it should be:
include ($___viewFn);
Which allows PHP errors/warnings to be generated in view code and subsequently get logged. Once I changed this and had the right logging settings in core.php I was finally able to get complete logs in production.
Sometimes the reason could be very different. For example, the framework you are using may have its own internal caching module which keeps the value in a buffer while you keep on trying. Check whether duplicate copies are getting generated or not. Typically those files would be named filename.ext.r123 and so on.
Let's say I'm basically inheriting a live site that has a lot of errors in production, I'm basically doing a recode of this entire site which might take a month or so.
There are some cases in which this site was reliant upon external xml file feeds which are no longer there, but the code wasn't properly setup to supply a nice clean error message ( there are various similar circumstances ) - the client is requesting that at least these error messages go away even if for example the content from the xml file isn't published so we wouldn't be seeing php errors and a blank region on the page ( so the rest of the page can look "fine" ).
At one point I have heard of someone using set_error_handler to nullify some cases where it isn't extreme and I had the idea of setting it up to store error messages in a file/log or email them ( and try to not have duplicate error messages ) basically so end users don't have to see those ugly things.
I'm looking for tips from anyone who's actually done this, so thanks in advance.
On your production server, you should have the following ini settings:
ini_set('error_reporting', E_ALL | E_STRICT);
ini_set('log_errors', true);
ini_set('error_log', '/tmp/php_errors.log'); // or whatever file is appropriate
ini_set('display_errors', false);
By turning off display_errors, your users will never see another error message, but you will be able to see error messages by looking in the log file.
When the re-code is finished, there should be no more errors going into the log file (because you've fixed them all).
Edit: Some developers set error_reporting to E_ALL ^ E_NOTICE as a way of hiding errors. This is bad practice because it hides messages about possible programming errors. You should only use E_ALL ^ E_NOTICE when there are so many Notices coming from legacy code that you are unable to fix them all.
When in development, it is good to use
error_reporting(E_ALL);
ini_set('display_errors', 'On');
So you can see errors immediately: it helps with correcting them.
When on the production server, you don't want error displayed, so :
ini_set('display_errors', 'Off');
error_reporting can remain activated : if display_errors is Off, errors won't be displayed anyway -- but you can still have them logged to a file.
BTW, those can be set in the php.ini file, of course :
error_reporting
display_errors
On the production machine, you might want to use log_errors and error_log, so errors are logged to a file (which means you will be able to know what errors occurred -- can be useful, sometimes); of course, don't forget to check that file from time to time ;-).
As a sidenote, if you just have a couple of functions/methods for which you don't want to display errors, you could envisage using the @ operator to just mask the errors those might trigger...
... But I strongly advise against it (except in very specific cases): it makes debugging a lot harder: errors triggered there are never displayed, not even on your development machine!
In my opinion, it is way better to just disable display_errors on the production machine; it also means no error will be displayed at all, which is better for users!
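An added example (not from any of the posts above) of the idea raised in the question: a set_error_handler callback that writes each distinct error to a log file once and only counts the repeats. LOG_DIR, the file names and log_once() are hypothetical; the temp directory is used only so the demo runs, and the missing feed path is constructed.

```php
<?php
// Assumption: LOG_DIR is a placeholder. In practice use a directory outside the
// web root that only the web server user can read and write.
define('LOG_DIR', sys_get_temp_dir());

function log_once(int $severity, string $message, string $file, int $line): bool
{
    if (!(error_reporting() & $severity)) {
        return false;                       // masked by error_reporting or @
    }
    $key = sha1("$severity|$file|$line|$message");   // one fingerprint per distinct error

    $fh = fopen(LOG_DIR . '/php_errors.seen.json', 'c+');
    if ($fh === false || !flock($fh, LOCK_EX)) {
        return false;                       // cannot track: let PHP log it normally
    }
    $seen = json_decode(stream_get_contents($fh) ?: '{}', true) ?: [];
    $isNew = !isset($seen[$key]);
    $seen[$key] = ($seen[$key] ?? 0) + 1;   // keep a count for later triage
    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, json_encode($seen));
    flock($fh, LOCK_UN);
    fclose($fh);

    if ($isNew) {
        // Message type 3 appends the string to the named file.
        error_log(sprintf("[%s] %s in %s:%d\n", date('c'), $message, $file, $line),
            3, LOG_DIR . '/php_errors.log');
    }
    return true;   // handled: nothing is displayed to the visitor
}

ini_set('display_errors', '0');
error_reporting(E_ALL);
set_error_handler('log_once');

// Constructed demo: the missing feed is requested three times but logged once.
for ($i = 0; $i < 3; $i++) {
    $xml = file_get_contents('/nonexistent/feed.xml');
    echo $xml === false ? "Feed unavailable.\n" : $xml;
}
```

Fatal errors never reach a set_error_handler callback, so the log_errors and error_log settings from the answers above are still needed alongside it.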