Definition and usage
The set_error_handler () function sets the custom error handling function.
This function is used to create your own error handling methods during runtime.
This function returns the old error handler. If it fails, null is returned.
Syntax
Set_error_handler (error_function, error_types)
Parameter description
Error_function is required. Specifies the function to run when an error occurs.
Error_types is optional. Specifies at which error report level a user-defined error will be displayed. The default value is "E_ALL ".
Tips and comments
Tip: If this function is used, it will completely bypass the standard PHP error handler. If necessary, the user-defined error handler must terminate the (die () script.
Note: If an error occurs before the script is executed, the custom error handler will not be used because the custom program has not been registered at that time.
Let's take a look at the definition of the appError function in thinkphp.
The code is as follows: |
Copy code |
Public function appError ($ errno, $ errstr, $ errfile, $ errline) { Switch ($ errno ){ Case E_ERROR: Case E_USER_ERROR: $ ErrorStr = "error: [$ errno] $ errstr". basename ($ errfile). "row $ errline. n "; If (C ('web _ LOG_RECORD ')){ Log: record ($ errorStr ); Log: save (); } Halt ($ errorStr ); Break; Case E_STRICT: Case E_USER_WARNING: Case E_USER_NOTICE: Default: $ ErrorStr = "Note: [$ errno] $ errstr". basename ($ errfile). "row $ errline. n "; Log: record ($ errorStr ); Break; } } |
But I still have doubts about this writing method. Why don't I simply use if else? Because it seems that the logic is sufficient, if else is dizzy.
I have already consulted experts on the forum, but I haven't replied yet. It seems that the experts on the TP forum are not responding quickly, or is my question too simple? Oh.
Let's start with the question. We can see the error methods in this function and the set_error_handler in init,
I have never used this function, so I have to ask google. I don't think this is a shame.
I will repost an article I think is the best. Sorry, his original format is a bit messy. I sorted it out a little.
Original article address: set_error_handler () Author: Daytime shadow
The set_error_handler function is used to prevent error path leakage.
What is error path leakage?
When we write a program, it is inevitable that there will be a problem (it is often a problem), and when PHP encounters an error, it will give the location, number of lines, and the cause of the error script
Many people say that this is no big deal. Indeed, in the debugging stage, this is indeed nothing, and I think it is necessary to give an error path.
However, the consequences of leaking the actual path are unimaginable. For some intruders, this information is very important. In fact, many servers have this problem.
Some network administrators simply set display_errors in the PHP configuration file to Off (we seem to have done this), but I think this method is too negative.
Sometimes, we do need PHP to return an error message for debugging. In addition, when an error occurs, you may need to give the user an explanation, or even navigate to another page.
So what are the solutions?
PHP has provided the set_error_handler () function for customizing error handling handles since 4.1.0, but few script writers know it.
Sorry, I don't know. I just learned it after google. Sorry ..
In many PHP forums, I have seen only a small number of cases. (This problem exists in some awesome forums)
Set_error_handler is used as follows:
String set_error_handler (callback error_handler [, int error_types])
Now we can use custom error handling to filter out the actual path.
For example, assume that there is a variable $ admin, which is used to determine whether the visitor is an administrator (you can use the IP address or user ID to determine whether the visitor is an administrator)
The code is as follows: |
Copy code |
// Identify admin as the administrator. true is the administrator. // The Custom error handler must have these four input variables $ errno, $ errstr, $ errfile, and $ errline. Otherwise, the error handler is invalid. Function my_error_handler ($ errno, $ errstr, $ errfile, $ errline) { // Filter the actual path if it is not an administrator If (! Admin) { $ Errfile = str_replace (getcwd (), "", $ errfile ); $ Errstr = str_replace (getcwd (), "", $ errstr ); } Switch ($ errno) { Case E_ERROR: Echo "ERROR: [ID $ errno] $ errstr (Line: $ errline of $ errfile) n "; Echo "the program has stopped running. Contact the administrator. "; // Exit the script when an Error occurs. Exit; Break; Case E_WARNING: Echo "WARNING: [ID $ errno] $ errstr (Line: $ errline of $ errfile) n "; Break; Default: // Do not display Notice-level errors Break; } |
} Then a custom error handling function is defined, which is the same as thinkphp's appError. Haha.
So how can I handle the error to this UDF?
// Thinkphp practices
Set_error_handler (array (& $ this, "appError "));
// Example
Set_error_handler ("my_error_handler"); so easy, which can solve the conflict between security and debugging convenience. In addition, you can also make some effort to make the error prompt more beautiful to match the website style.
The original author gave two points to be aware of. I will also release them to attract the attention of the masses of compatriots:
E_ERROR, E_PARSE, E_CORE_ERROR, E_CORE_WARNING, E_COMPILE_ERROR, and E_COMPILE_WARNING are not processed by this handle, that is, they are displayed in the original mode. However, these errors are caused by compilation or PHP kernel errors, which usually do not occur.
When set_error_handler () is used, error_reporting () becomes invalid. That is, all the errors (except the preceding errors) will be handled by the custom function.
Finally, the original author gave another example (really a good man who is really responsible. Haha)
// Define a function first, or you can define it in other files, and call it with require ()
The code is as follows: |
Copy code |
Function myErrorHandler ($ errno, $ errstr, $ errfile, $ errline) { // For the sake of security, the actual physical path is not exposed. The following two rows filter the actual path. $ Errfile = str_replace (getcwd (), "", $ errfile ); $ Errstr = str_replace (getcwd (), "", $ errstr ); Switch ($ errno ){ Case E_USER_ERROR: Echo "<B> My ERROR </B> [$ errno] $ errstr <br/> n "; Echo "Fatal error on line $ errline in file $ errfile "; Echo ", PHP". PHP_VERSION. "(". PHP_ OS. ") <br/> n "; Echo "Aborting... <br/> n "; Exit (1 ); Break; Case E_USER_WARNING: Echo "<B> My WARNING </B> [$ errno] $ errstr <br/> n "; Break; Case E_USER_NOTICE: Echo "<B> My NOTICE </B> [$ errno] $ errstr <br/> n "; Break; Default: Echo "Unknown error type: [$ errno] $ errstr <br/> n "; Break; } /* Don't execute PHP internal error handler */ Return true; } |
// Start to connect to the MYSQL server. We deliberately set the MYSQL port to 3333, which is 3306.
The code is as follows: |
Copy code |
$ Link_id = @ mysql_pconnect ("localhost: 3333", "root", "password "); Set_error_handler (myErrorHandler ); If (! $ Link_id ){ Trigger_error ("error", E_USER_ERROR ); } |
Well, based on the above explanations and the serious and responsible attitude of the original author, I think if I still cannot learn this set_error_handler function, I should hit the wall.
Incorrect path leakage
1. Cause:
When PHP encounters an error, it will give the location, number of rows, and cause of the error script, for example:
Notice: Use of undefined constant test-assumed "test" in D: interpubbigflytest. php on line 3
Many people say that this is no big deal. However, the consequences of leaking the actual path are unimaginable. For some intruders, this information is very important. In fact, many servers have this problem.
Some network administrators simply set display_errors in the PHP configuration file to Off, but I think this method is too negative. Sometimes, we do need PHP to return an error message for debugging. In addition, when an error occurs, you may need to give the user an explanation, or even navigate to another page.
2. Vulnerability resolution:
PHP has provided the set_error_handler () function for customizing error handling handles since 4.1.0, but few script writers know it. In many PHP forums, I have seen only a small number of cases. Set_error_handler is used as follows:
String set_error_handler (callback error_handler [, int error_types])
Now we can use custom error handling to filter out the actual path.
The code is as follows: |
Copy code |
<? Php // Identify admin as the administrator. true is the administrator. // The Custom error handler must have these four input variables $ errno, $ errstr, $ errfile, and $ errline. Otherwise, the error handler is invalid. Function my_error_handler ($ errno, $ errstr, $ errfile, $ errline ){ // Filter the actual path if it is not an administrator If (! Admin ){ $ Errfile = str_replace (getcwd (), "", $ errfile ); $ Errstr = str_replace (getcwd (), "", $ errstr ); } Switch ($ errno ){ Case E_ERROR: Echo "ERROR: [ID $ errno] $ errstr (Line: $ errline of $ errfile )"; Echo "the program has stopped running. Contact the administrator. "; // Exit the script when an Error occurs. Exit; Break; Case E_WARNING: Echo "WARNING: [ID $ errno] $ errstr (Line: $ errline of $ errfile )"; Break; Default: // Do not display Notice-level errors Break; } } // Set error handling to the my_error_handler function Set_error_handler ("my_error_handler "); ... ?> |
In this way, the conflict between security and debugging convenience can be well solved. In addition, you can also make some effort to make the error prompt more beautiful to match the website style. However, note the following two points:
(1) E_ERROR, E_PARSE, E_CORE_ERROR, E_CORE_WARNING, E_COMPILE_ERROR, and E_COMPILE_WARNING will not be processed by this handle, that is, they will be displayed in the most primitive way. However, these errors are caused by compilation or PHP kernel errors, which usually do not occur.
(2) when set_error_handler () is used, error_reporting () becomes invalid. That is, all the errors (except the preceding errors) will be handled by the custom function.
For other information about set_error_handler (), refer to the official PHP Manual.
The following is an example of a practical application:
The code is as follows: |
Copy code |
<? Php // Define a function first, or you can define it in other files, and call it with require () Function myErrorHandler ($ errno, $ errstr, $ errfile, $ errline ){ // For the sake of security, the actual physical path is not exposed. The following two rows filter the actual path. $ Errfile = str_replace (getcwd (), "", $ errfile ); $ Errstr = str_replace (getcwd (), "", $ errstr ); Switch ($ errno ){ Case E_USER_ERROR: Echo "<B> My ERROR </B> [$ errno] $ errstr <br/> n "; Echo "Fatal error on line $ errline in file $ errfile "; Echo ", PHP". PHP_VERSION. "(". PHP_ OS. ") <br/> n "; Echo "Aborting... <br/> n "; Exit (1 ); Break; Case E_USER_WARNING: Echo "<B> My WARNING </B> [$ errno] $ errstr <br/> n "; Break; Case E_USER_NOTICE: Echo "<B> My NOTICE </B> [$ errno] $ errstr <br/> n "; Break; Default: Echo "Unknown error type: [$ errno] $ errstr <br/> n "; Break; } /* Don't execute PHP internal error handler */ Return true; } // Start to connect to the MYSQL server. We deliberately set the MYSQL port to 3333, which is 3306. $ Link_id = @ mysql_pconnect ("localhost: 3333", "root", "password "); Set_error_handler (myErrorHandler ); If (! $ Link_id ){ Trigger_error ("error", E_USER_ERROR ); } ?> |
Note that:
Set_error_handler ("customError") can not only accept functions, but also accept class methods (public static methods and public non-static methods are acceptable), but must be transmitted in the form of arrays, the first value of the array is "class name", and the second parameter is "method name", as shown in the following code:
The code is as follows: |
Copy code |
<? Php Class App { // Error handler function Function customError ($ errno, $ errstr, $ errfile, $ errline ){ Echo "<B> Custom error: </B> [$ errno] $ errstr <br/> "; Echo "Error on line $ errline in $ errfile <br/> "; Echo "Ending Script "; Die (); } } // Set error handler Set_error_handler (array ("App", "customError ")); $ Test = 2; // Trigger error If ($ test> 1 ){ Trigger_error ("A custom error has been triggered "); } ?> |