A similar question was asked here, but as the answers didn't answer my question, I'm asking:
I've almost never used trigger_error, always thrown exceptions instead, since in my mind errors are legacy. But I've changed my mind, I think they can co-exist. There are cases when triggering errors make more sense.
I'm updating this library, this question concerns the send method, but is general enough. This is my reasoning:
If an API key constant is not set, that is not a catchable error. That is a programming error, and should be treated as such.
If an email address is invalid, that should be catchable. This is most likely a user error.
Am I loco? Is this unnecessary and annoying, or does it make sense?
I agree with your distinction, as to when to throw and when to trigger. For me, trigger_error is also something you want to make a note off, but it's not important to the current request. E.g. for debugging purposes.
Since all my PHP errors (note: not exceptions, but warnings, notices, fatals, etc.) are logged in production, I think trigger_error is a convenient way to get stuff into said log.
Here is an example:
I'm using a HTTP client to access an API we integrate. Of course the library I use is object-oriented PHP and therefor makes heavy use of exceptions. I'm doing various things here and I hope this example makes sense:
The HTTP client library throws an exception when the actual request failed -- e.g. due to a connection issue, such as a timeout, etc.. Of course I catch this error, but I don't elevate it to the user. My wrapper returns false and this equals to, "Temporary issue." in the frontend.
In my catch() block I use trigger_error() to log debug information about the actual connection error. Since I got error_log = syslog in my php.ini all this information is send to syslog and eventually to my log master.
If I'd use the library, I would really hate to use both try-catch block and old style error checking. And even if the missing API key renders the library unusable, it's still part of application.
They both have their uses. Generally, I gear trigger_error() toward developers, since in most production environments error reporting is turned off; then, since most application errors would likely be from bad user input or undesired results based upon user input/actions, I throw exceptions to keep better control over the application (handling those exceptions in a way that both allows the app to recover, and (if necessary) informs the user about what happened in a logical way.
Edit: that example was based off of web apps; the same could be said of any piece of variable data in a non-user-controlled application.
Related
I am a bit confused about how New Relic tracks errors in a php application.
Does the error level set in the application (with error_reporting()) matter for the php agent? Or does it still get all errors? Are there cases in which the php agent will not be able to gather errors?
The New Relic PHP agent hooks into PHP and any errors that hit the PHP error handler will be passed on to us. We typically ignore 4xx errors but anything else detected by PHP should get collected.
As we're listening for errors detected by PHP, changing the error level will also affect the level of errors New Relic can see. Ee will never report errors with a level of E_NOTICE or E_USER_NOTICE
Errors with the web-server which prevent the PHP extension from loading will not be tracked. There's also a known compatibility issue with Xdebug which prevents our agent from tracking errors.
As I am aware the best approach is to configure the agent using PHP agent (newrelic.ini) settings, the is the option newrelic.loglevel where you can set the log level. Although you can still use the error_reporting() to 'overwrite' those settings a relevant question / answer can be found here.
So as from my experience, there are some occasion that this is not working as I expected.
Some time when a fatal error occurred, the php agent was unable to track it. Also there where times that new relic was resetting the options I have put using the error_reporting() to the 'default' ones I have set via newrelic.loglevel.
Disclaimer : I have over a year to use new relic so this may be obsolete.
My opinion is not to mix the these two different ways of setting the error level and stick with the API that the php agent provides. I think that in most of the cases this is going to be enough
From my understanding of PHP documentation, setting custom error handler (which cannot catch all the errors) deactivates the default php error handler (which I guess can catch all the errors:).
If this is correct, is there any purpose of setting custom error handler? I always keep error_reporting(-1), so I should get all errors in the error log anyway, right?
As for the user experience, I cannot see the purpose of making these errors manifest in a custom way - why would you ever want users to see them? In production I always set display_errors to off.
In production you probably want to tell the user something when your site crashes, and set_error_handler provides a way of rendering pretty error messages while preventing the user from seeing ugly things like code and line numbers. It catches any runtime errors that the regular PHP error handler catches.
There is no reason to avoid using set_error_handler, and it's certainly preferable to simply displaying nothing when an error occurs.
Setting a custom error handler is for setting a catch-all handler that takes care of the errors that aren't handled elsewhere. It can catch all errors, except for the ones where your script isn't ran at all (such as fatal syntax errors).
I should also point out that if you return false from your error handling function, then the built-in PHP error handler will step in.
You may want this for special logging of any specific kinds of exceptions in your application.
If this is correct, is there any purpose of setting custom error handler? I always keep
error_reporting(-1), so I should get all errors in the error log anyway, right?
error_reporting dictates which errors should be reported (e.g. warning, notices, etc.). This has nothing to do with them showing up in the logs; if you set error_reporting to 0 it won't be logged. If you want it to be logged, but not displayed to the customer, use display_errors = Off.
As for the user experience, I cannot see the purpose of making these errors manifest in a custom way - why would you ever want users to see them? In production I always set display_errors to off.
I'd want to see a message that "something" went wrong, rather than seeing a "white screen of death". This may be simple to do with a custom error handler. So, yeah, it does have a purpose.
We have a web server that we're about to launch a number of applications on. On the server-level we have managed to work out the error handling with the help of Hyperic to notify the person who is in charge in the event of a database/memcached server is going down.
However, we are still in the need of handling those eventual error and log events that happen on application level to improve the applications for our customers, before the customers notices.
So, what's then a good solution to do this?
Utilizing PHP:s own error log would quickly become cloggered if we would run a big number of applications at the same time. It's probably isn't the best option if you like structure.
One idea is to build a off-site lightweight error-handling application that has a REST/JSON API that receives encrypted and serialized arrays of error messages and stores them into a database. Maybe it could, depending on the severity of the error also be directly inputted into our bug tracker.
Could be a few well spent hours, but it seems like a quite fragile solution and I am sure that there's better more-reliable alternatives out there already.
Thanks,
Why would using PHP's own error_log quickly become 'cloggered'? If all goes well you won't see many errors, correct?
Building a separate application, especially one using an API, just for error reporting adds a lot of possible points of failure for error logging if you ask me. You could perhaps build an application that checks the existing error logs on various servers / for different applications to be able to display them in a sort of error dashboard, so you can see when things are REALLY going wrong.
But I'm interested to see what others might suggest as well, I haven't thought about it thát much yet for myself.
We actually tail -f the server's php error log for various outputs, but also catch a lot of exceptions we throw ourselves. By throwing a custom exception, you could have it (based on priority of course) write to your database, a log stream, your bug tracker and/or mail those-responsible-for-that-module. Of course you should log why the exception was raised (for example, var_export()/serialize() the func_get_args() of the method you threw an exception in. Make the exception message huge, since it will save you.
In addition to this, we use Zend_Log where exceptions are a bit overkill (for example if the argument given to the method should be deprecated, we might log a bit of debug_backtrace() to see where that call came from. This could be extended to programs making graphs of expensive calls etc, but that's a sidenote :)
My best tip: know where your application could fail and where it can not, it's so much easier to search for that error. Make sure errors that are raised based on external services are interpreted as such.
... and to be honest, I think this kind of thinking (Error-API/-Service on app. level) is a bit weird: how could you prevent an error if you knew exactly how to handle it? Wouldn't you avoid/automatize it?
You could use set_exception_handler and set_error_handler to gather more specific info and report it in a way that will alleviate the 'cloggering'. You could do different files for each client or application, introduce your own codes that allow for easy processing by an error parsing script, etc.
I'd be careful about introducing extra code or infrastructure to the error-handling process. It needs to be super solid so you can trust the info you get. Reporting errors directly to the database? What about database connection errors? (and on and on)
What you're searching for are PHPs error handling functions: http://de.php.net/manual/en/ref.errorfunc.php
Especially interesting would be set_error_handler() that allows you to completely override PHPs internal error handler.
With that you can make your own logs per application / send emails to admins / save error info to a db / tell users that an admin has been notified or whatever.
By either returning true or false you can also control wether PHPs internal error handler should run after your function or not.
I am just about to launch a fairly large website for the first time. I have turned off all error messages in my php.ini and error messages are now logged to an "error_log" file on my server.
My question is, now that the errors are logged to a file, what are the best ways that web developers keep on top of seeing when/where errors occur on the website?
At the moment, it seems like the best way would be to constantly check the error_log file everyday, however this doesn't seem like the most efficient solution. Ideally I would receive an email everytime an error occurs (with the error message). Any advice on how I can keep on top of errors would be greatly appreciated!
Extra Info
Running on Shared Server (HostMonster)
Website Authored in PHP
There are two main functions in PHP that help catching errors and exceptions. I suggest that you take a look at them :
set_exception_handler
set_error_handler
In our company, we handle all errors that occurs on our websites with those functions, defining our own errors and exceptions handling methods.
When an error occurs, an email is sent to the developers team.
The place I previously worked at used a custom extension to handle error logging. It basically INSERT DELAY the errors into a DB with some extra information. Then, a separate admin tool was written to be able to easily search, browse, sort and manually prune the log table.
I recommend that you don't write a custom extension, but that you use the set_error_handler method and just write to a DB instead. If the DB is unavailable, then write to a file as a backup. It'll be worlds easier than dealing with a huge file and a one-off format.
If you want, you can also email yourself hourly summaries, but I don't suggest you send anything more than that or you'll be hating yourself.
You can email yourself on errors, if there was no email in last N hours.
If you don't expect many errors, a "private" RSS/ATOM feed might work well... whereby you don't need to worry if you don't get anything... but if you start getting "updates" you know there are issues.
I don't know how Hostmonster handles log rotation, but generally you want to monitor the size of your error_log file. If the size jumps suddenly, there's definitely something you need to check up on so you'ld want to get an email telling you that the logfile size jumped unexpectedly.
Other than that, you can combine the error logs at the end of the week and email them to yourself and debug on the weekend. If an error is only happening a few times a week it's probably not too serious of an issue.
I've found out how to convert errors into exceptions, and I display them nicely if they aren't caught, but I don't know how to log them in a useful way. Simply writing them to a file won't be useful, will it? And would you risk accessing a database, when you don't know what caused the exception yet?
You could use set_error_handler to set a custom exception to log your errors. I'd personally consider storing them in the database as the default Exception handler's backtrace can provide information on what caused it - this of course won't be possible if the database handler triggered the exception however.
You could also use error_log to log your errors. It has a choice of message destinations including:
Quoted from error_log
PHP's system logger, using the Operating System's system logging mechanism or a file, depending on what the error_log configuration directive is set to. This is the default option.
Sent by email to the address in the destination parameter. This is the only message type where the fourth parameter, extra_headers is used.
Appended to the file destination . A newline is not automatically added to the end of the message string.
Edit: Does markdown have a noparse tag for underscores?
I really like log4php for logging, even though it's not yet out of the incubator. I use log4net in just about everything, and have found the style quite natural for me.
With regard to system crashes, you can log the error to multiple destinations (e.g., have appenders whose threshold is CRITICAL or ERROR that only come into play when things go wrong). I'm not sure how fail-safe the existing appenders are--if the database is down, how does that appender fail?--but you could quite easily write your own appender that will fail gracefully if it's unable to log.
Simply writing them to a file won't be useful, will it?
But of course it is - that's a great thing to do, much better than displaying them on the screen. You want to show the user a nice screen which says "Sorry, we goofed. Engineers have been notified. Go back and try again" and ABSOLUTELY NO TECHNICAL DETAIL, because to do so would be a security risk. You can send an email to a shared mailbox and log the exception to file or DB for review later. This would be a best-practice.
I'd write them to a file - and maybe set a monitoring system up to check for changes to the filesize or last-modified date. Webmin is one easy way, but there are more complete software solutions.
If you know its a one-off error, then emailing a notice can be fine. However, with a many hits per minute website, do not ever email a notification. I've seen a website brought down by having hundreds of emails per minute being generated to say that the system could not connect to the database. The fact that it also had a LoadAvg of > 200 because of of the mail server being run for every new message, did not help at all. In that instance - the best scenario was, by far and away, the watchdog checking for filesizes and connecting to an external service to send an SMS (maybe an IM), or having an external system look on a webpage for an error message (which doesn't have to be visible on screen - it can be in a HTML comment).
I think it depends a lot of where your error occured. If the DB is down logging it to the DB is no good idea ;)
I use the syslog() function for logging the error, but I have no problems writing it to a file when I'm on a system which has no syslog-support. You can easily set up your system to send you an email or a jabber message using for example logwatch or the standard syslogd.
I second log4php. I typically have it configured to send things like exceptions to ERROR or CRITITCAL and have them written to syslog. From there, you can have your syslog feed into Zenoss, Nagios, Splunk or anything else that syslog can talk to.
You can also catch and record PHP exceptions using Google Forms. There is a tutorial here that explains the process.