This article describes in detail how to use the PHPset_error_handler () function, and finally provides an instance for us to write programs. it is inevitable that there will be a problem (which is often a problem). when PHP encounters an error, the location, number of rows, and cause of the error script are displayed. Many people say that this is no big deal. Indeed, in the debugging stage, this is indeed nothing, and I think it is necessary to give an error path.
However, the consequences of leaking the actual path are unimaginable. for some intruders, this information is very important. In fact, many servers have this problem. Some network administrators simply set display_errors in the PHP configuration file to Off (we seem to have done this), but I think this method is too negative.
Sometimes, we do need PHP to return an error message for debugging. In addition, when an error occurs, you may need to give the user an explanation, or even navigate to another page. So what are the solutions?
Set_error_handler ()
PHP has provided the set_error_handler () function for customizing error handling handles since 4.1.0, but few script writers know it. The set_error_handler function can effectively prevent the leakage of error paths. of course, there are other functions.
It can be used to block errors. When an error occurs, it will expose some information to the user, which is very likely to be a tool for hackers to attack your website. Second, let the user think that your level is very poor.
You can write down the error information and discover problems in the production environment in time.
You can perform corresponding processing. When an error occurs, the page jumps to the pre-defined error page to provide a better user experience.
It can be used as a debugging tool. in some cases, you must debug something in the production environment, but you do not want to affect the users in use.
Set_error_handler is used as follows:
The code is as follows:
String set_error_handler (callback error_handler [, int error_types])
Now we can use custom error handling to filter out the actual path. Assume that there is a variable $ admin, which is used to determine whether the visitor is an administrator (you can use the IP address or user ID to determine whether the visitor is an administrator)
The code is as follows:
// Identify admin as the administrator. true is the administrator.
// The Custom error handler must have these four input variables $ errno, $ errstr, $ errfile, and $ errline. Otherwise, the error handler is invalid.
Function my_error_handler ($ errno, $ errstr, $ errfile, $ errline)
{
// Filter the actual path if it is not an administrator
If (! Admin)
{
$ Errfile = str_replace (getcwd (), "", $ errfile );
$ Errstr = str_replace (getcwd (), "", $ errstr );
}
Switch ($ errno)
{
Case E_ERROR:
Echo "ERROR: [ID $ errno] $ errstr (Line: $ errline of $ errfile) \ n ";
Echo "the program has stopped running. contact the administrator. ";
// Exit the script when an Error occurs.
Exit;
Break;
Case E_WARNING:
Echo "WARNING: [ID $ errno] $ errstr (Line: $ errline of $ errfile) \ n ";
Break;
Default:
// Do not display Notice-level errors
Break;
}
}
In this way, a custom error processing function is defined. how can we hand over error processing to this custom function?
The code is as follows:
// Apply to class
Set_error_handler (array (& $ this, "appError "));
// Example
Set_error_handler ("my_error_handler ");
So easy, which can solve the conflict between security and debugging convenience. In addition, you can also make some effort to make the error prompt more beautiful to match the website style.
The original author gave two points to be aware of. I will also release them to attract the attention of the masses of compatriots:
1. E_ERROR, E_PARSE, E_CORE_ERROR, E_CORE_WARNING, E_COMPILE_ERROR, and E_COMPILE_WARNING will not be processed by this handle, that is, they will be displayed in the most primitive way. However, all of these errors are for compiling or PHP kernel errors, which are not typically occurring.
2. when set_error_handler () is used, error_reporting () becomes invalid. That is, all the errors (except the preceding errors) will be handled by the custom function.
Finally, an example is provided.
The code is as follows:
// Define a function first, or you can define it in other files, and call it with require ()
Function myErrorHandler ($ errno, $ errstr, $ errfile, $ errline)
{
// For the sake of security, the actual physical path is not exposed. the following two rows filter the actual path.
$ Errfile = str_replace (getcwd (), "", $ errfile );
$ Errstr = str_replace (getcwd (), "", $ errstr );
Switch ($ errno ){
Case E_USER_ERROR:
Echo"My ERROR[$ Errno] $ errstr
\ N ";
Echo "Fatal error on line $ errline in file $ errfile ";
Echo ", PHP". PHP_VERSION. "(". PHP_ OS .")
\ N ";
Echo "Aborting...
\ N ";
Exit (1 );
Break;
Case E_USER_WARNING:
Echo"My WARNING[$ Errno] $ errstr
\ N ";
Break;
Case E_USER_NOTICE:
Echo"My NOTICE[$ Errno] $ errstr
\ N ";
Break;
Default:
Echo "Unknown error type: [$ errno] $ errstr
\ N ";
Break;
}
/* Don't execute PHP internal error handler */
Return true;
}
// Start to connect to the MYSQL server. we deliberately set the MYSQL port to 3333, which is 3306.
$ Link_id = @ mysql_pconnect ("localhost: 3333", "root", "password ");
Set_error_handler (myErrorHandler );
If (! $ Link_id ){
Trigger_error ("error", E_USER_ERROR );
}
