44

what are the best practises for hiding all php errors? As I don't want ERRORS to show to the user.

I've tried using the .htacess by putting the code php_flag display_errors off in there, but it returns me a 500 error.

Are there any other methods that will hide all errors?

Frank
  • 1,844
  • 8
  • 29
  • 44
  • 1
    `php_flag` only works if PHP is running as an Apache module. If you're running it via CGI or something, Apache doesn't know anything about that directive, so it throws an error. – cHao Feb 11 '12 at 18:39

7 Answers7

99

PHP has a configuration directive intended exactly for that, called display_errors. Like any other configuration setting, it's best to be set in php.ini. But in case you don't have access to this file, you can set it right in PHP code

to Hide All Errors:

ini_set('display_errors', 0);

to Show All Errors:

ini_set('display_errors', 1);

While ERROR_REPORTING value, which is often mistakenly taken responsible for hiding errors, should be kept at E_ALL all the time, so errors could be logged on the server.

Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
Aditya P Bhatt
  • 21,431
  • 18
  • 85
  • 104
  • I tried this and It didnt work for me. Any idea what other factors could be preventing from hiding errors? – Taha Khan Dec 28 '20 at 23:48
10

Per the PHP documentation, put this at the top of your php scripts:

<?php ini_set('display_errors', 0); ?>

If you do hide your errors, which you should in a live environment, make sure that you are logging any errors somewhere. How do I log errors and warnings into a file? Otherwise, things will go wrong and you will have no idea why.

Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
john.w
  • 323
  • 4
  • 13
3

To hide errors only from users but displaying logs errors in apache log

error_reporting(E_ALL);
ini_set('display_errors', 0);

1 - Displaying error only in log
2 - hide from users

Dr Jay
  • 415
  • 2
  • 14
3

In your php file just enter this code:

ini_set('display_errors', 0);

This will report no errors to the user. If you somehow want, then just comment this.

Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
axiomer
  • 2,088
  • 1
  • 17
  • 26
  • 4
    Yeah..any error that happens before the script actually starts running (parse errors, syntax errors) won't be hidden by a call that happens after the script starts. If you really want to hide *everything*, you'd have to set `error_reporting = 0` in php.ini. But frankly, if you have a syntax error, that code shouldn't be in a live site anyway -- it'll never be able to work -- so it shouldn't matter. – cHao Feb 11 '12 at 18:52
  • or just have a separate file that just turns `error_reporting` off and `include`s your actual script. as long as the parser does not complain about the file, that turns `error_reporting` off, you will be ok, even if the parsing of the included files fails. – Basti Feb 23 '12 at 15:44
  • 1
    @Basti While that would work in some sense, you should have a more robust file/folder/framework structure based on much much more important things, and not to avoid an issue which should *never* be pushed out to live, such as "unexpected character from stupid coder". – James Nov 12 '14 at 20:05
  • @James: It really depends on how you handle bugs. If your customer has an issue with a smaller script, you could always turn on error reporting/display errors for your admin account only and test it live. But I agree with you all that it's best to turn these options off in the php.ini on the production server. – Basti Jun 08 '15 at 11:24
0

Use PHP error handling functions to handle errors. How you do it depends on your needs. This system will intercept all errors and forward it however you want it Or supress it if you ask it to do so

http://php.net/manual/en/book.errorfunc.php

Stewie
  • 3,103
  • 2
  • 24
  • 22
0

The best way is to build your script in a way it cannot create any errors! When there is something that can create a Notice or an Error there is something wrong with your script and the checking of variables and environment!

If you want to hide them anyway: ini_set('display_errors', 0);

Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
TimWolla
  • 31,849
  • 8
  • 63
  • 96
  • 1
    For warnings, i'd agree with you. For notices, not so much. PHP likes to throw a notice at you if, for example, `$_POST['stuff']` isn't defined. Even if you expect it not to be most of the time, and are just seeing whether it's there and truthy. And `isset($_POST['stuff']) && $_POST['stuff']` is too wordy for most cases. `@$_POST['stuff']` works, but everybody seems to think it's evil. – cHao Feb 11 '12 at 18:44
  • 1
    I know my site scripts do work and that there are no errors, I am just doing this so if something does "hick up" or somebody is trying to tamper with it to make it cause an error that it wont do so. – Frank Feb 11 '12 at 18:51
  • @cHao Even for the `isset`-check you can define a function or a method ;) – TimWolla Feb 11 '12 at 19:01
  • @TimWolla: Psh. Cause i'm gonna go and define a function to check something simple like that, after i just complained that ~30 chars was too wordy. :) – cHao Feb 11 '12 at 19:10
-1

You'd need to edit the php.ini file.

There is a section on Error handling and logging. You should carefully read it and then set your values.

If you want to indiscriminately hide all values, you can set error reporting to none:

error_reporting = ~E_ALL

Eskay Amadeus
  • 275
  • 2
  • 11