 |
Displaying errors with PHP |
|||||||||||||||
| ||||||||||||||||
 | Web Site Hosting | Web Design | Broadband/Access | E-Mail Solutions | Accept Credit Cards | Hosting Support |  | |
 | ||||||||
To enhance the security of your web site and our servers, PHP has been modified to disable the display of error messages in web browsers. To view any warnings and debugging messages from PHP, you will need to use the guidelines mentioned in this document.
PHP Version 4
For PHP version 4, we have globally set the PHP option for displaying errors as follows:
display_errors = Off
If you are developing PHP scripts and see a blank page in your browser, we recommended you insert the following code into the top of your script for debugging purposes:
<?
ini_set('display_errors','1');
....php script....
?>
When you have completed the development and debugging of your script, we highly advise that you remove the following line from your code:
ini_set('display_errors','1');
By removing the above-mentioned line, errors will no longer display potentially sensitive information about your hosting account to a web browser. Such information could allow computer hackers to gather information about the structure of your web site and the script itself. They could then try to exploit that information in order to gain unauthorized access to your web site.
Syntax Errors (Parsing Errors)
Note: with display_errors set to off, some people may not be able to view all warnings and errors in their PHP scripts. This can occur even if they have included the code examples that we have provided above. This is due to how PHP tries to parse a script before it begins any execution of the PHP code. If there are parsing errors (a.k.a. syntax errors) in the script, the command that we describe above will never be executed and PHP will return a blank page with no errors. This happens, of course, because we have globally turned off the displaying of errors.
To fix error message-related issue, we have developed a simple debugging script, DEBUG.PHP. This script is to be used by those persons who believe that they may not be seeing all debugging errors and warnings. Our DEBUG.PHP script is provided for you in the The DEBUG.PHP Script section of this document.
When you run our debugging script, a form will ask for the name of the file on your site that you want to debug. Simply enter the filename and click "Debug!". Our debug script will then open the requested file and display all errors and warnings.
Note that our debugging script is to be used only for one purpose: debugging. To prevent unauthorized access to your web site, we recommend that you remove our script from your site if you are not actively using the script. Additionally, we ask that you do not alter the code in our DEBUG.PHP script. Altering its code could result in the disabling of safeguards within it that help to maintain the security of your and other web sites.
The DEBUG.PHP Script
Below is our DEBUG.PHP script. Feel free to use it to debug your PHP scripts as necessary:
<?
// Turn on display_errors
ini_set('display_errors','1');
// Display ALL errors including notices
error_reporting (E_ALL);
if(isset($filename)) {
// Strip off any dot dot slashes
$filename = preg_replace("/\.\.\//", "", $filename);
// Strip off and leading slashes
$filename = preg_replace("/^\//", "", $filename);
}
?>
<html>
<head>
<title>PHP Debugger!</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<form name="debug" method="post" action="<?$PHP_SELF?>">
<table width="500" border="0" align="center">
<tr>
<td colspan="2">Enter the name of the file you would like to debug below. This
debug script will attempt to include the file, execute it, and display any errors
and notices. This filename should be relative to your web site's root directory.</td>
</tr>
<tr>
<td width="121"><div align="right">Filename:</div></td>
<td width="369"><input name="filename" type="text" id="filename"
<?
if(isset($filename)) {
// Display the filename we are working with if defined
echo "value=\"$filename\"";
}
?>
</td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="Submit" value="Debug!"></td>
</tr>
</table>
</form>
<hr>
<?
if(isset($filename)) {
// Display the filename
echo "<p align=center>Evaluating $filename</p>";
// Include the specified file for debugging
include $_ENV['DOCUMENT_ROOT'] . "/$filename";
}
?>
<hr>
</body>
</html>
Please note: the information on this page applies to ITS web hosting plans. It may or may not apply to other environments. If you are looking for a feature described here, or better support from your hosting provider, please consider hosting your site with ITS!
Copyright © 1996-2008, Integrated Technical Solutions, Inc., all rights reserved. See Terms/Legal for trademarks, copyright, and terms of use.
Naperville, IL 60563
fax 630.420.2771