Record the difference between PHP error logs display_errors and log_errors
- 2020-05-26 08:02:56
- OfStack
display_errors
Error echo, commonly used in development mode, but many applications forget to turn this option off in a formal environment. Error echo can expose a lot of sensitive information, which is convenient for the attacker to attack in the next step. It is recommended that this option be turned off.
display_errors = On
In the open state, if there is an error, an error will be reported and an error will appear
dispaly_errors = Off
In the closed state, if there is an error, it will prompt: server error. There will be no error
log_errors
Just use this in a formal setting and log the error message. Just in time to turn off error echo.
For PHP developers, once a product is in use, the first thing to do is to turn off the display_errors option to avoid being hacked because of the paths, database connections, data tables, and other information revealed by these errors.
Once a product is put into use, it is inevitable that there will be error messages, so how do you log this information that is very useful to developers?
Turn PHP's log_errors on. The default is to log to the WEB server's log file, such as error.log file of Apache.
You can also log errors to a specified file.
You can also set error_log = syslog to log these errors to the operating system.
display_errors = Off //display in Chinese means to display so display_error=off means not to display the error!
error_reporting sets the level of error message return
2047 I think it's E_ALL.
There are many configuration Settings in the php.ini file. You should have your php.ini file set up and put it in the appropriate directory, as shown in the documentation for installing PHP and Apache 2 on Linux (see resources). When debugging an PHP application, you should know two configuration variables. Here are the two variables and their default values:
display_errors = Off // close all error messages, and display all error messages when ON is ON.
error_reporting = E_ALL
E_ALL has everything from bad coding practices to harmless tips to errors. E_ALL is a bit too fine-grained for the development process, because it also shows hints on the screen for small things (such as variables not being initialized), which can mess up the browser's output
Therefore, it is not recommended to use 2047, and it is better to change the default value to: error_reporting = E_ALL & ~E_NOTICE
Resolution of display_errors = Off failure in PHP.ini
Question:
In the PHP Settings file php.ini, display_errors = Off has already been set to display_errors = Off, but an error message will still appear on the page during operation.
Solution:
After checking log_errors= On, according to the official statement, when the log_errors is set to On, then the error_log file must be specified. If the log_errors file is not specified or the specified file is not allowed to be written, then the display_errors file will still be output to the normal output channel. Then the display_errors specified Off will be invalid and the error message will still be printed out. So, log_errors = Off, and the problem is solved.
error_reporting (7) : set the level of error message return.
value constant
1 E_ERROR
2 E_WARNING
4 E_PARSE
8 E_NOTICE
16 E_CORE_ERROR
32 E_CORE_WARNING
64 E_COMPILE_ERROR
128 E_COMPILE_WARNING
256 E_USER_ERROR
512 E_USER_WARNING
1024 E_USER_NOTICE
2047 E_ALL
2048 E_STRICT
However, 7 = 1 + 2 + 4
This is to display 1 E_ERROR 2 E_WARNING 4 E_PARSE when something goes wrong
Error echo, commonly used in development mode, but many applications forget to turn this option off in a formal environment. Error echo can expose a lot of sensitive information, which is convenient for the attacker to attack in the next step. It is recommended that this option be turned off.
display_errors = On
In the open state, if there is an error, an error will be reported and an error will appear
dispaly_errors = Off
In the closed state, if there is an error, it will prompt: server error. There will be no error
log_errors
Just use this in a formal setting and log the error message. Just in time to turn off error echo.
For PHP developers, once a product is in use, the first thing to do is to turn off the display_errors option to avoid being hacked because of the paths, database connections, data tables, and other information revealed by these errors.
Once a product is put into use, it is inevitable that there will be error messages, so how do you log this information that is very useful to developers?
Turn PHP's log_errors on. The default is to log to the WEB server's log file, such as error.log file of Apache.
You can also log errors to a specified file.
# vim /etc/php.inidisplay_errors = Off
log_errors = On
error_log = /var/log/php-error.log
You can also set error_log = syslog to log these errors to the operating system.
display_errors = Off //display in Chinese means to display so display_error=off means not to display the error!
error_reporting sets the level of error message return
2047 I think it's E_ALL.
There are many configuration Settings in the php.ini file. You should have your php.ini file set up and put it in the appropriate directory, as shown in the documentation for installing PHP and Apache 2 on Linux (see resources). When debugging an PHP application, you should know two configuration variables. Here are the two variables and their default values:
display_errors = Off // close all error messages, and display all error messages when ON is ON.
error_reporting = E_ALL
E_ALL has everything from bad coding practices to harmless tips to errors. E_ALL is a bit too fine-grained for the development process, because it also shows hints on the screen for small things (such as variables not being initialized), which can mess up the browser's output
Therefore, it is not recommended to use 2047, and it is better to change the default value to: error_reporting = E_ALL & ~E_NOTICE
Resolution of display_errors = Off failure in PHP.ini
Question:
In the PHP Settings file php.ini, display_errors = Off has already been set to display_errors = Off, but an error message will still appear on the page during operation.
Solution:
After checking log_errors= On, according to the official statement, when the log_errors is set to On, then the error_log file must be specified. If the log_errors file is not specified or the specified file is not allowed to be written, then the display_errors file will still be output to the normal output channel. Then the display_errors specified Off will be invalid and the error message will still be printed out. So, log_errors = Off, and the problem is solved.
error_reporting (7) : set the level of error message return.
value constant
1 E_ERROR
2 E_WARNING
4 E_PARSE
8 E_NOTICE
16 E_CORE_ERROR
32 E_CORE_WARNING
64 E_COMPILE_ERROR
128 E_COMPILE_WARNING
256 E_USER_ERROR
512 E_USER_WARNING
1024 E_USER_NOTICE
2047 E_ALL
2048 E_STRICT
However, 7 = 1 + 2 + 4
This is to display 1 E_ERROR 2 E_WARNING 4 E_PARSE when something goes wrong
<?php
// Disable error reporting
error_reporting(0);
// Reporting runtime errors
error_reporting(E_ERROR | E_WARNING | E_PARSE);
// Report all errors
error_reporting(E_ALL);
?>