Configuration Directives for Error and Exception Handling
In this second part of a five-part series on error and exception handling, we'll pick up where we left off last time in discussing configuration directives. This article is excerpted from chapter eight of the book Beginning PHP and PostgreSQL 8: From Novice to Professional, written by W. Jason Gilmore and Robert H. Treat (Apress; ISBN: 1590595475).
More Configuration Directives
display_errors (On | Off)
Scope: PHP_INI_ALL; Default value: On
Enabling the display_errors directive results in the display of any errors meeting the criteria defined by error_reporting. You should have this directive enabled only during testing, and keep it disabled when the site is live. The display of such messages not only is likely to further confuse the end user, but could also provide more information about your application/server than you might like to make available. For example, suppose you were using a flat file to store newsletter subscriber e-mail addresses. Due to a permissions misconfiguration, the application could not write to the file. Yet rather than catch the error and offer a user-friendly response, you instead opt to allow PHP to report the matter to the end user. The displayed error would look something like:
Warning: fopen(subscribers.txt): failed to open stream: Permission denied in /home/www/htdocs/pmnp/8/displayerrors.php on line 3
Granted, you’ve already broken a cardinal rule by placing a sensitive file within the document root tree, but now you’ve greatly exacerbated the problem by informing the user of the exact location and name of the file. The user can then simply enter a URL similar to http://www.example.com/subscribers.txt, and proceed to do what he will with your soon-to-be furious subscriber base.
display_startup_errors (On | Off)
Scope: PHP_INI_ALL; Default value: Off
Enabling the display_startup_errors directive will display any errors encountered during the initialization of the PHP engine. Like display_errors, you should have this directive enabled during testing, and disabled when the site is live.
log_errors (On | Off)
Scope: PHP_INI_ALL; Default value: Off
Errors should be logged in every instance, because such records provide the most valuable means for determining problems specific to your application and the PHP engine. Therefore, you should keep log_errors enabled at all times. Exactly where these log statements are recorded depends on the error_log directive.
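The subscriber-file scenario from the display_errors discussion, handled the way a live site should handle it: nothing is displayed, the detail is logged, and the visitor gets a neutral message. This is an added example, not code from the book; it assumes PHP 7 or later, and the function name add_subscriber, the log location and the file paths are hypothetical.

```php
<?php
// Added example. Production values for the directives discussed above.
// Prefer setting these in php.ini on a live site, so they also cover
// errors raised before this script starts executing.
ini_set('display_errors', '0');   // never show PHP messages to visitors
ini_set('log_errors', '1');       // always record them
// Assumed log location: any writable path outside the document root.
ini_set('error_log', sys_get_temp_dir() . '/php_app_errors.log');

/**
 * Append an address to the subscriber file (hypothetical helper).
 * The return value is the only text the visitor ever sees.
 */
function add_subscriber(string $email, string $file): string
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'Please enter a valid e-mail address.';
    }

    // With display_errors off, a failure here is written to the log
    // by PHP instead of being sent to the browser.
    $handle = fopen($file, 'a');
    if ($handle === false) {
        // Add application context to the log; path and reason stay server-side.
        $last = error_get_last();
        error_log(sprintf(
            'add_subscriber: cannot open %s: %s',
            $file,
            $last['message'] ?? 'unknown error'
        ));
        return 'Sorry, we could not process your subscription. Please try again later.';
    }

    flock($handle, LOCK_EX);            // serialize concurrent sign-ups
    fwrite($handle, $email . PHP_EOL);
    flock($handle, LOCK_UN);
    fclose($handle);

    return 'Thank you for subscribing.';
}

// Constructed demonstration: the directory does not exist, so fopen() fails.
// The visitor sees the neutral message; the file name and path appear only
// in the error log.
$missing = sys_get_temp_dir() . '/no-such-dir/subscribers.txt';
echo add_subscriber('reader@example.com', $missing), PHP_EOL;
```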