Whether error_reporting(0) in php prevent hacking

Question

Whether using error_reporting(0) in php script will prevent hacking using SQLi or XSS by not reporting error?

definitely not preventing **XSS**, no way :D – Marek Sebera Jul 01 '12 at 08:05 — Marek Sebera, Jul 01 '12 at 08:05

score 3 · Accepted Answer · edited May 23 '17 at 12:12

Using error_reporting(0) is plain dangerous; you're hiding warnings that could give vital clues to shaky coding. At the same time it won't prevent SQL injection issues or xss.

My advice: set error_reporting(-1) at all times and either log all errors using error_log or write a custom error handler using set_error_handler() to handle the errors without showing them on the page. During development you should always enable display_errors as well.

Note that nothing but good coding practices and proper testing can mitigate hacking, but preventing it altogether takes even more. Adopt defensive programming or perhaps ask Bernstein to tutor you ;-)

score 2 · Answer 2 · answered Jul 01 '12 at 08:09

2

By doing error_reporting(0) you only hide the errors from the user. In some cases it may be helpful to minimize hacking but not the XSS attacks for sure.

answered Jul 01 '12 at 08:09

Navneet Pandey

135
1
9

Whether error_reporting(0) in php prevent hacking

2 Answers2