Is error_reporting(0)
same as ini_set('display_errors', 0)
? If not, what is the difference?
I'm also interested in security side of this code? Can I achieve 'so malicious users can't probe' with this?
The display_error setting in PHP is used to determine whether errors should be printed to the screen or not. The error can be used as a part of the output or can be hidden from the user. There are many servers who have kept the display_errors setting as enabled in PHP.
Quickly Show All PHP Errors The quickest way to display all php errors and warnings is to add these lines to your PHP code file: ini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL);
They are NOT the same, but in your use may have the same outcome.
error_reporting
is the level of reporting, NONE through ALL. This determines what types of errors are reported (E_NOTICE, E_WARNING, E_ALL, etc..).
display_errors
is whether to display those errors (output to browser, CLI, etc...) that are reported from 1.
If you set error_reporting(E_ALL)
and ini_set('display_errors', '0')
you can still get all errors reported in the log file but not displayed.
With error_reporting(0)
you don't get any errors displayed or in the log and it doesn't matter the values of display_errors
.
display_errors
should be off in your production applications, preferably in php.ini
so that information such as file paths, database names and usernames are not shown. Error reporting sent to the log is beneficial and should not be a security concern.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With