1,display_errors
Display_errors
Error echo, common term development mode, but many applications in the formal environment also forgot to turn off this option. Error echo can expose a lot of sensitive information to facilitate attackers ' next attack. It is recommended to turn this option off.
display_errors = on
On the state, if there is an error, the error message, there are errors
dispaly_errors = Off
Off state, if an error occurs, the prompt: Server error. But there are no error prompts
log_errors
Use this in a formal environment and keep the error message in the log. The error echo can be turned off exactly.
For PHP developers, once a product is put into use, the first thing to do is to turn off the display_errors option to avoid hackers being hacked by the paths, database connections, data tables, and other information that these errors reveal. Second, turn on log_errors.
The configuration in php.ini is as follows:
Alternatively, you can set error_log = syslog to log these error messages to the operating system.
Sometimes you encounter the following issues:
PHP settings file php.ini has been set display_errors = Off, but during the run, the page will still appear error message.
Solution:
After checking log_errors= on, according to the official statement, when this log_errors is set to ON, then you must specify the Error_log file, if not specified or the specified file does not have permission to write, so will output to the normal output channel, then also makes the Display_ Errors this specified off fails, the error message is printed out. So the log_errors = Off, the problem is solved.
2, error_reporting Set the level of error message return
Error_reporting can set the parameters as follows:
Error reporting is a bit field. You can add numbers together to get the level of error reporting you want.
Value |
Constant |
Describe |
1 |
E_error |
A fatal run error. Error cannot be recovered, pause execution of script |
2 |
E_warning |
Run-time warning (non-fatal error). Non-fatal run error, script execution does not stop |
4 |
E_parse |
Compile-time parse error. Parsing errors are generated only by the parser |
8 |
E_notice |
Runtime reminders (These are often caused by bugs in your code, or by intentional behavior.) ) |
16 |
E_core_error |
Fatal error during initialization of PHP startup |
32 |
E_core_warning |
Warnings during initialization of PHP startup (non-fatal error) |
64 |
E_compile_error |
Compile-time fatal error. This is like a e_error generated by the Zend scripting engine |
128 |
E_compile_warning |
Compile-time warning (non-fatal error). This is like a e_warning warning generated by the Zend scripting engine |
256 |
E_user_error |
User-defined error message. It's like using PHP function trigger_error (programmer setup E_error) |
512 |
E_user_warning |
User-defined warning message. This is like using PHP function Trigger_error (a e_warning warning set by the programmer) |
1024 |
E_user_notice |
A user-defined reminder message. It's like a trigger_error by using PHP function (programmer a e_notice set) |
2048 |
E_strict |
Coding normalization Warning. Allows PHP to suggest how to modify the code to ensure optimal interoperability forward compatibility |
4096 |
E_recoverable_error |
Catch a fatal error. This is like a e_error, but can be captured by user-defined processing (see also Set_error_handler ()) |
8191 |
E_all |
All errors and warnings (not including e_strict) (E_strict'll be part of E_all as of PHP 6.0) |
The configuration examples in php.ini are as follows:
error_reporting = E_all & ~e_notice; Show all errors except reminder error_reporting = e_compile_error| e_error| E_core_error; Show only compile-time fatal error ERROR_REPORTING=E_ERROR: Only fatal errors are reported
In the PHP program, configure the following:
<?php//Disabling Error Reporting error_reporting (0); Report run-time error error_reporting (E_error | e_warning | E_parse); Report all error error_reporting (E_all);? >
Error log display_errors and error_reporting configuration in PHP