Output of errors in PHP

No matter how neat and attentive the web programmer was, there may be mistakes and inaccuracies during his work. As a result, this can lead to the failure of the site or service. For debugging during project development, it is possible to include error output in PHP.

How it works?

PHP certainly responds to this or that script code. In some cases - performing the necessary action, in others - displays an error. This mechanism helps the developer at the time of the implementation of the code section to quickly correct the shortcomings.

However, the output of errors in PHP is not always needed. After the development of the project is completed, this function is disabled, in order to avoid hacking or unauthorized access.

Customize

For the entire configuration of the PHP interpreter, the php.ini file responds. It has an error_reporting directive, which just defines the output of errors in PHP. However, even though it includes exception handling, display_errors responds to displaying them in the browser window. If it is disabled, the system displays a blank page instead of an error.

Classification of exceptions

The output of errors in PHP can be conditionally divided into several categories:

• Errors, as a result of which the script will stop working. The so-called, fatal. These include E_ERROR, E_COMPILE_ERROR;

• Errors that can be eliminated. Their values for the error_reporting directive can be: E_WARNING, E_NOTICE and others.

It is worthwhile to consider in more detail each type and describe its functional.

• E_ERROR. Usually this type refers to such errors that can not be quickly eliminated or continue the execution of the script. This can include problems with memory allocation;

• E_WARNING. The code will continue to work, but a warning will be displayed that there is some error, the code of which is indicated in the message. Not critical;

• E_NOTICE. Notifications that show: something has happened that could cause an error. Also not critical for code execution;

• E_USER_ERROR. Errors generated by the user;

• E_ALL. This includes all types of errors. Typically, this option is enabled by default when installing the interpreter.

How to enable error output in PHP

The method of using error mechanisms in PHP can differ depending on where the code is applied - on a hosting or on a local computer. In the second case, the developer can configure his server and display as he pleases, namely, change the configuration in the php.ini file. It is enough to give two directives - display_errors and error_reporting to the following form:

Display_errors on

Error_reporting E_ALL

These commands will show all error messages right in the browser window.

If the development is carried out on a virtual hosting, then most often the error display function is disabled for security reasons. Therefore, to activate it, you will need to use the Apache htaccess server configuration file. Usually it is in the root of the site. You need to add a couple of lines to it using any text editor:

Php_flag display_errors on

Php_value error reporting -1

You can also output errors directly from the code using the ini_set () function. However, it should be borne in mind that after the development of the site, its application can cause security problems.

Write to file

PHP allows you to save all the errors that occurred at a certain place on the hard disk. In order to include the output of PHP errors in a file, you can use three methods:

1. Edit the php.ini file. Here you need to define two lines. The first one is log_errors = On, which, in fact, activates the output capability. The second is error_log = path / to the desired / file.

2. Edit htaccess. You can also add two lines to it. Php_value log_errors "on" and php_value error_log path / to the file.

3. Use the ini_set function in the required place of code.

Conclusion

The output of errors in PHP is a necessary tool in debugging code. But it can also create potentially vulnerable areas. Therefore, it is necessary to use this mechanism carefully and carefully. After the site or service has passed all the stages of testing, you need to make sure that it does not display errors by which an attacker can access important data.