38

what are the best practises for hiding all php errors? As I don't want ERRORS to show to the user.

I've tried using the .htacess by putting the code php_flag display_errors off in there, but it returns me a 500 error.

Are there any other methods that will hide all errors?

Frank
  • 1,764
  • 8
  • 28
  • 43
  • `php_flag` only works if PHP is running as an Apache module. If you're running it via CGI or something, Apache doesn't know anything about that directive, so it throws an error. – cHao Feb 11 '12 at 18:39

6 Answers6

89

to Hide All Errors:

error_reporting(0);
ini_set('display_errors', 0);

to Show All Errors:

error_reporting(E_ALL);
ini_set('display_errors', 1);
Aditya P Bhatt
  • 20,351
  • 17
  • 80
  • 103
  • I tried this and It didnt work for me. Any idea what other factors could be preventing from hiding errors? – Taha Khan Dec 28 '20 at 23:48
10

Per the PHP documentation, put this at the top of your php scripts: 

<?php error_reporting(0); ?>

http://php.net/manual/en/function.error-reporting.php

If you do hide your errors, which you should in a live environment, make sure that you are logging any errors somewhere. How to log errors and warnings into a file? Otherwise, things will go wrong and you will have no idea why.

Community
  • 1
  • 1
john.w
  • 305
  • 4
  • 13
4

In your php file just enter this code:

error_reporting(0);

This will report no errors to the user. If you somehow want, then just comment this.

axiomer
  • 2,090
  • 1
  • 17
  • 26
  • 4
    Yeah..any error that happens before the script actually starts running (parse errors, syntax errors) won't be hidden by a call that happens after the script starts. If you really want to hide *everything*, you'd have to set `error_reporting = 0` in php.ini. But frankly, if you have a syntax error, that code shouldn't be in a live site anyway -- it'll never be able to work -- so it shouldn't matter. – cHao Feb 11 '12 at 18:52
  • or just have a separate file that just turns `error_reporting` off and `include`s your actual script. as long as the parser does not complain about the file, that turns `error_reporting` off, you will be ok, even if the parsing of the included files fails. – Basti Feb 23 '12 at 15:44
  • 1
    @Basti While that would work in some sense, you should have a more robust file/folder/framework structure based on much much more important things, and not to avoid an issue which should *never* be pushed out to live, such as "unexpected character from stupid coder". – James Nov 12 '14 at 20:05
  • @James: It really depends on how you handle bugs. If your customer has an issue with a smaller script, you could always turn on error reporting/display errors for your admin account only and test it live. But I agree with you all that it's best to turn these options off in the php.ini on the production server. – Basti Jun 08 '15 at 11:24
1

To hide errors only from users but displaying logs errors in apache log

error_reporting(E_ALL);
ini_set('display_errors', 0);

1 - Displaying error only in log
2 - hide from users

Dr Jay
  • 385
  • 1
  • 11
0

Use PHP error handling functions to handle errors. How you do it depends on your needs. This system will intercept all errors and forward it however you want it Or supress it if you ask it to do so

http://php.net/manual/en/book.errorfunc.php

Stewie
  • 3,073
  • 2
  • 21
  • 21
0

The best way is to build your script in a way it cannot create any errors! When there is something that can create a Notice or an Error there is something wrong with your script and the checking of variables and environment!

If you want to hide them anyway: error_reporting(0);

TimWolla
  • 30,523
  • 8
  • 64
  • 89
  • 1
    For warnings, i'd agree with you. For notices, not so much. PHP likes to throw a notice at you if, for example, `$_POST['stuff']` isn't defined. Even if you expect it not to be most of the time, and are just seeing whether it's there and truthy. And `isset($_POST['stuff']) && $_POST['stuff']` is too wordy for most cases. `@$_POST['stuff']` works, but everybody seems to think it's evil. – cHao Feb 11 '12 at 18:44
  • 1
    I know my site scripts do work and that there are no errors, I am just doing this so if something does "hick up" or somebody is trying to tamper with it to make it cause an error that it wont do so. – Frank Feb 11 '12 at 18:51
  • @cHao Even for the `isset`-check you can define a function or a method ;) – TimWolla Feb 11 '12 at 19:01
  • @TimWolla: Psh. Cause i'm gonna go and define a function to check something simple like that, after i just complained that ~30 chars was too wordy. :) – cHao Feb 11 '12 at 19:10