47

what are the best practises for hiding all php errors? As I don't want ERRORS to show to the user.

I've tried using the .htacess by putting the code php_flag display_errors off in there, but it returns me a 500 error.

Are there any other methods that will hide all errors?

Improve this question
1
  • 1
    php_flag only works if PHP is running as an Apache module. If you're running it via CGI or something, Apache doesn't know anything about that directive, so it throws an error. Commented Feb 11, 2012 at 18:39

7 Answers 7

Reset to default
103

PHP has a configuration directive intended exactly for that, called display_errors. Like any other configuration setting, it's best to be set in php.ini. But in case you don't have access to this file, you can set it right in PHP code

to Hide All Errors:

ini_set('display_errors', 0);

to Show All Errors:

ini_set('display_errors', 1);

While ERROR_REPORTING value, which is often mistakenly taken responsible for hiding errors, should be kept at E_ALL all the time, so errors could be logged on the server.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I tried this and It didnt work for me. Any idea what other factors could be preventing from hiding errors?
11

Per the PHP documentation, put this at the top of your php scripts:

<?php ini_set('display_errors', 0); ?>

If you do hide your errors, which you should in a live environment, make sure that you are logging any errors somewhere. How do I log errors and warnings into a file? Otherwise, things will go wrong and you will have no idea why.

Improve this answer

Comments

4

In your php file just enter this code:

ini_set('display_errors', 0);

This will report no errors to the user. If you somehow want, then just comment this.

Improve this answer

4 Comments

Yeah..any error that happens before the script actually starts running (parse errors, syntax errors) won't be hidden by a call that happens after the script starts. If you really want to hide everything, you'd have to set error_reporting = 0 in php.ini. But frankly, if you have a syntax error, that code shouldn't be in a live site anyway -- it'll never be able to work -- so it shouldn't matter.
or just have a separate file that just turns error_reporting off and includes your actual script. as long as the parser does not complain about the file, that turns error_reporting off, you will be ok, even if the parsing of the included files fails.
@Basti While that would work in some sense, you should have a more robust file/folder/framework structure based on much much more important things, and not to avoid an issue which should never be pushed out to live, such as "unexpected character from stupid coder".
@James: It really depends on how you handle bugs. If your customer has an issue with a smaller script, you could always turn on error reporting/display errors for your admin account only and test it live. But I agree with you all that it's best to turn these options off in the php.ini on the production server.
3

To hide errors only from users but displaying logs errors in apache log

error_reporting(E_ALL);
ini_set('display_errors', 0);

1 - Displaying error only in log
2 - hide from users

Improve this answer

Comments

0

Use PHP error handling functions to handle errors. How you do it depends on your needs. This system will intercept all errors and forward it however you want it Or supress it if you ask it to do so

http://php.net/manual/en/book.errorfunc.php

Improve this answer

Comments

0

The best way is to build your script in a way it cannot create any errors! When there is something that can create a Notice or an Error there is something wrong with your script and the checking of variables and environment!

If you want to hide them anyway: ini_set('display_errors', 0);

Improve this answer

4 Comments

For warnings, i'd agree with you. For notices, not so much. PHP likes to throw a notice at you if, for example, $_POST['stuff'] isn't defined. Even if you expect it not to be most of the time, and are just seeing whether it's there and truthy. And isset($_POST['stuff']) && $_POST['stuff'] is too wordy for most cases. @$_POST['stuff'] works, but everybody seems to think it's evil.
I know my site scripts do work and that there are no errors, I am just doing this so if something does "hick up" or somebody is trying to tamper with it to make it cause an error that it wont do so.
@cHao Even for the isset-check you can define a function or a method ;)
@TimWolla: Psh. Cause i'm gonna go and define a function to check something simple like that, after i just complained that ~30 chars was too wordy. :)
-2

You'd need to edit the php.ini file.

There is a section on Error handling and logging. You should carefully read it and then set your values.

If you want to indiscriminately hide all values, you can set error reporting to none:

error_reporting = ~E_ALL

Improve this answer

3 Comments

The question is how to HIDE, not how to turn off!
@YourCommonSense and you think this answer won't be helpful to someone out there? Interesting how you're moderating everyone's answer, but you haven't posted your own answer to the question.
Of course it won't! Turning off error reporting is a crime!

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.