Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

PHP error_reporting vs. display_errors

Tags:

Is error_reporting(0) same as ini_set('display_errors', 0)? If not, what is the difference?

I'm also interested in security side of this code? Can I achieve 'so malicious users can't probe' with this?

like image 939
mgulan Avatar asked May 02 '14 20:05

mgulan


People also ask

What is Display_errors?

The display_error setting in PHP is used to determine whether errors should be printed to the screen or not. The error can be used as a part of the output or can be hidden from the user. There are many servers who have kept the display_errors setting as enabled in PHP.

How show all errors in PHP?

Quickly Show All PHP Errors The quickest way to display all php errors and warnings is to add these lines to your PHP code file: ini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL);


1 Answers

They are NOT the same, but in your use may have the same outcome.

  1. error_reporting is the level of reporting, NONE through ALL. This determines what types of errors are reported (E_NOTICE, E_WARNING, E_ALL, etc..).

  2. display_errors is whether to display those errors (output to browser, CLI, etc...) that are reported from 1.

If you set error_reporting(E_ALL) and ini_set('display_errors', '0') you can still get all errors reported in the log file but not displayed.

With error_reporting(0) you don't get any errors displayed or in the log and it doesn't matter the values of display_errors.

display_errors should be off in your production applications, preferably in php.ini so that information such as file paths, database names and usernames are not shown. Error reporting sent to the log is beneficial and should not be a security concern.

like image 82
AbraCadaver Avatar answered Sep 20 '22 13:09

AbraCadaver