PHP set_error_handler () function, phpseterrorhandler

PHP set_error_handler () function, phpseterrorhandler

When we write a program, it is inevitable that there will be problems (which often occur). When PHP encounters an error, it will give the location, number of lines, and the cause of the error script. Many people say that this is no big deal. Indeed, in the debugging stage, this is indeed nothing, and I think it is necessary to give an Error Path.

However, the consequences of leaking the actual path are unimaginable. For some intruders, this information is very important. In fact, many servers have this problem. Some network administrators simply set display_errors in the PHP configuration file to Off (we seem to have done this), but I think this method is too negative.

Sometimes, we do need PHP to return an error message for debugging. In addition, when an error occurs, you may need to give the user an explanation, or even navigate to another page.

So what are the solutions?

set_error_handler()

PHP has provided the set_error_handler () function for customizing error handling handles since 4.1.0, but few script writers know it. The set_error_handler function can effectively prevent the leakage of error paths. Of course, there are other functions.

Set_error_handler is used as follows:

string set_error_handler ( callback error_handler [, int error_types])

Now we can use custom error handling to filter out the actual path. Assume that there is a variable $ admin, which is used to determine whether the visitor is an administrator (you can use the IP address or user ID to determine whether the visitor is an administrator)

// Identify admin as the administrator. true is the administrator. // The custom error handler must have these four input variables $ errno, $ errstr, $ errfile, and $ errline. Otherwise, the error handler is invalid. Function my_error_handler ($ errno, $ errstr, $ errfile, $ errline) {// filter the actual path if (! Admin) {$ errfile = str_replace (getcwd (), "", $ errfile); $ errstr = str_replace (getcwd (), "", $ errstr );} switch ($ errno) {case E_ERROR: echo "ERROR: [ID $ errno] $ errstr (Line: $ errline of $ errfile) \ n"; echo "The program has stopped running, contact the administrator. "; // Exit the script break when an Error occurs; case E_WARNING: echo" WARNING: [ID $ errno] $ errstr (Line: $ errline of $ errfile) \ n "; break; default: // do not display Notice-Level Error break ;}}

In this way, a custom error processing function is defined. How can we hand over error processing to this custom function?

// Apply it to the class set_error_handler (array (& $ this, "appError"); // example set_error_handler ("my_error_handler ");

So easy, which can solve the conflict between security and debugging convenience. In addition, you can also make some effort to make the error prompt more beautiful to match the website style.

The original author gave two points to be aware of. I will also release them to attract the attention of the masses of compatriots:

// Define a function first, or define it in other files, and then call function myErrorHandler ($ errno, $ errstr, $ errfile, $ errline) using require) {// for the sake of security, the actual physical path is not exposed. The following two rows filter the actual path $ errfile = str_replace (getcwd (), "", $ errfile ); $ errstr = str_replace (getcwd (), "", $ errstr); switch ($ errno) {case E_USER_ERROR: echo "<B> My ERROR </B> [$ errno] $ errstr <br/> \ n"; echo "Fatal error on line $ errline in file $ errfile "; echo ", PHP ". PHP_VERSION. "(". PHP_ OS. ") <Br/> \ n"; echo "Aborting... <br/> \ n "; exit (1); break; case E_USER_WARNING: echo "<B> My WARNING </B> [$ errno] $ errstr <br/> \ n"; break; case E_USER_NOTICE: echo "<B> My NOTICE </B> [$ errno] $ errstr <br/> \ n"; break; default: echo "Unknown error type: [$ errno] $ errstr <br/> \ n "; break;}/* Don't execute PHP internal error handler */return true ;} // start to connect to the MYSQL server. We deliberately set the MYSQL port to 3333, Which is 3306. $ Link_id = @ maid ("localhost: 3333", "root", "password"); set_error_handler (myErrorHandler); if (! $ Link_id) {trigger_error ("error", E_USER_ERROR );}

Now, let's sum up the following three usage methods: set_error_handler:

Class CallbackClass {function CallbackFunction () {// refers to $ this} function StaticFunction () {// doesn't refer to $ this} function NonClassFunction ($ errno, $ errstr, $ errfile, $ errline) {}// three methods are as follows: 1: set_error_handler ('nonclassfunction '); // directly convert to a normal function NonClassFunction 2: set_error_handler (array ('callbackclass', 'staticfunction'); // go to the static method StaticFunction 3 under the CallbackClass class: $ o = & new CallbackClass (); set_error_handler (array ($ o, 'callbackfunction'); // The constructor of the class is essentially the same as the fourth one below. 4. $ o = new CallbackClass (); // The following may also prove useful: class CallbackClass {function CallbackClass () {set_error_handler (array (& $ this, 'callbackfunction ')); // the & is important} function CallbackFunction () {// refers to $ this }}