When we write a program, there will inevitably be problems (often problems), and when PHP encounters an error, it gives the location of the error script, the number of rows, and the reason. A lot of people say it's not a big deal. Indeed, during the debugger phase, this is really nothing, and I think it is necessary to give the wrong path.
But the consequences of revealing the actual path are disastrous, and for some intruders, this information is very important, and in fact there are a lot of servers that are having this problem. Some network management simply set the PHP configuration file display_errors to off to solve (it seems that we are doing this), but I think this method is too negative.
Sometimes, we really need PHP to return the wrong information for debugging. And in the case of errors may also need to give the user a confession, or even navigate to another page. So, what's the solution?
Set_error_handler ()
PHP provides the function Set_error_handler () of the custom error handling handle starting from 4.1.0, but very few script writers know. Set_error_handler This function is a good way to prevent false path leaks, of course, there are other more functions.
can be used to mask errors. An error will leak some information to the user, most likely to become a hacker attack on your site tools. And let the user feel that your level is very lame.
You can write down the wrong information and find out the problems of some production environment in time.
Can do the corresponding processing, when the error can be displayed to jump to a pre-defined error page, to provide a better user experience.
As a debugging tool, some things must be debugged in the production environment, but do not want to affect the users in use.
Set_error_handler is used as follows:
Copy CodeThe code is as follows:
String Set_error_handler (callback Error_Handler [, int error_types])
Now we are using custom error handling to filter out the actual path. Suppose there is a variable $admin, we are used to determine whether the visitor is an administrator (can make this judgment by IP or login user ID)
Copy CodeThe code is as follows:
Admin is the administrator's identity, and true is administrator.
The custom error handler must have these 4 input variables $errno, $errstr, $errfile, $errline, otherwise invalid.
function My_error_handler ($errno, $errstr, $errfile, $errline)
{
Filter the actual path if it's not an administrator
if (!admin)
{
$errfile =str_replace (GETCWD (), "", $errfile);
$errstr =str_replace (GETCWD (), "", $errstr);
}
Switch ($errno)
{
Case E_ERROR:
echo "ERROR: [ID $errno] $errstr (line: $errline of $errfile) \ n";
echo "program has stopped running, please contact the administrator. ";
Exit script when error level errors are encountered
Exit
Break
Case e_warning:
echo "WARNING: [ID $errno] $errstr (line: $errline of $errfile) \ n";
Break
Default
Do not show errors at notice level
Break
}
}
So you can customize an error handler, so how do you give the wrong handling to the custom function?
Copy CodeThe code is as follows:
Apply to Class
Set_error_handler (Array (& $this, "Apperror"));
Examples of practices
Set_error_handler ("My_error_handler");
So easy, this can be a good solution to the security and debugging convenience contradictions. And you can also take a little thought to make the error message more beautiful to match the style of the website.
The original author gave two points to pay attention to the place, I also let out, hope to arouse the attention of our compatriots:
1, E_error, E_parse, E_core_error, e_core_warning, E_compile_error, e_compile_warning will not be handled by this handle, that is, will be displayed in the most primitive way. However, these errors are either compiled or the PHP kernel is faulty and will not normally occur.
2, after using Set_error_handler (), error_reporting () will be invalid. That is, all errors (except for the above errors) will be given to the custom function processing.
Finally, an example
Copy CodeThe code is as follows:
Define a function, or you can define it in another file, and then use require () to call
function MyErrorHandler ($errno, $errstr, $errfile, $errline)
{
For security reasons, do not expose the real physical path, the following two lines filter the actual path
$errfile =str_replace (GETCWD (), "", $errfile);
$errstr =str_replace (GETCWD (), "", $errstr);
Switch ($errno) {
Case E_USER_ERROR:
echo "
My ERROR[$errno] $errstr
\ n ";
echo "Fatal error on line $errline in file $errfile";
echo ", PHP". Php_version. " (" . Php_os. ")
\ n ";
echo "Aborting ...
\ n ";
Exit (1);
Break
Case e_user_warning:
echo "
My WARNING[$errno] $errstr
\ n ";
Break
Case E_user_notice:
echo "
My NOTICE[$errno] $errstr
\ n ";
Break
Default
echo "Unknown error type: [$errno] $errstr
\ n ";
Break
}
/* Don ' t execute PHP Internal Error handler */
return true;
}
The following begins the connection to the MySQL server, we deliberately specify the MySQL port is 3333, the actual is 3306.
$link _id= @mysql_pconnect ("localhost:3333", "root", "password");
Set_error_handler (MyErrorHandler);
if (! $link _id) {
Trigger_error ("error", E_user_error);
}
http://www.bkjia.com/PHPjc/825122.html www.bkjia.com true http://www.bkjia.com/PHPjc/825122.html techarticle when we write a program, there will inevitably be problems (often problems), and when PHP encounters an error, it gives the location of the error script, the number of rows, and the reason. There are many people who say that this is nothing ...
