PHP Production Server - Turn on Error Messages

PHP production server - turn on error messages

To enable errors, you must use error_reporting before the point where those are triggered (for example, at the beginning of your PHP script) :

error_reporting(E_ALL);

And to have the error displayed, you should configure display_errors :

ini_set('display_errors', 'On');

(This one should be disabled on a production server, which means you might have to enable it this way, even after having configured error_reporting)

Of course, all this can be encapsulated in an if block, to make sure only you can see the error messages -- especially if you are doing this on a live production website ; for instance :

if ($_SESSION['is_admin'])
{
    error_reporting(E_ALL);
    ini_set('display_errors', 'On');
}

And to get things a bit prettier, you might also want to configure html_errors :

ini_set('html_errors', 'On');

Turn off or handle errors within a production environment?

Sorry, this is not a definite solution, but after several years of trial and error, I came up with the following practices, which are just my own, and work pretty well:

1 - Never use @ to suppress errors. Never use anything to blindly hide or ignore all errors. ALL errors are important, no error should be ignored.

2 - Do as RafaSashi suggested, turn on error logging and turn off display errors.

3 - Activate ALL error reporting, by using error_reporting = 2147483647 in PHP.INI. That will make PHP very picky with anything you may do wrongly, helping you learn more and stay up to date with future language deprecations and changes.

4 - You can also create you own error logging, to log exactly what you want, the way you want. Look up the manual for error_log(). If you use it, you can even turn looging off, and start logging manually, that will give you full control of PHP's error logging system.

5 - I use OOP in all my PHP code, so I use exceptions everywhere, and I recommend the same for everyone. They're light-years ahead of simply error handling. Use this code to intercept all errors in your code and throw them as exceptions:

set_error_handler('ErrorHandler');
function ErrorHandler($Code, $Message)
{
  throw new Exception($Message, $Code);
}

6 - Not showing ANY errors to the user is simply non-sense. Some errors should be shown, some should be hidden, and some should be shown as a generic issue (don't tell the user exactly what the problem is).

a) Errors that should be shown: everything caused by the user, like invalid form input or wrong behavior. This is quite obvious, but should be mentioned.

b) Errors that should be hidden: hide only the errors your code can handle and correct. For example, you can do a DB connection, and if it fails, you can try again. If the second attempt succeeds, go ahead, no one should ever know the first try failed. Just log it if you want, using error_log(). Sometimes, variables don't exist yet, so check this with isset(), and initialize them if needed. No need to report this as an error too.

c) Errors that should be shown as generic: most errors will fall in this category. You will not show the user things like PHP memory exhausted, or that a SMTP server is offline, or that a DB connection was refused. Just learn how to wrap dangerous code with a try, use a catch to capture any error, and convert the message to something you can show to the user. Example:

try
{
  // Dangerous code ahead: we will try to connect to the database, but it 
  // can be offline.
  $mysqli = new mysqli("localhost", "user", "password", "database");
}
catch(Exception $e)
{
  // If we're here, something bad happened during connection. Let's handle it.

  // Notify staff, log error, do anything you can to get someone to quickly 
  // check the issue.
  SendMailAdmin("Database connection Error, check ASAP.");
  error_log("Database connection Error, check ASAP.");

  // And show the user some message. You don't need to tell him about any 
  // detail regarding what truly caused the error.
  die("A problem occurred in our servers. Our technical staff has been notified, 
      please try again in a few minutes.");
}

// If we're here, everything worked fine, so do your DB query and so on....

Instead of a die(), you can use what you see fit: re-throw as another exception, do a header redirect to a generic error message or whatever you want.

7 - This is more advanced, but you can do it also: create you own exception hierarchy, like this:

class MVXException extends Exception {}
    class ExMVXDB extends MVXException {}
      class ExMVXDBRead extends ExMVXDB { }
      class ExMVXDBWrite extends ExMVXDB { }
      class ExMVXDBNotFound extends ExMVXDB { }

This is a simplification of the exceptions tree I have in my self-made framework. The beauty of this is that if you do a catch(ExMVXDB $e), you will catch ALL DB errors. But if you want to catch only a data writing operation, you can do a catch(ExMVXDBWrite $e).

That's it. Error handling is not simple, and there's no direct answer, but there are plenty of tools and good practices to help you choose what's best for you.

Best way to suppress php errors on production servers

The best way is to log your errors instead of displaying or ignoring them.

This example will log the errors to syslog instead of displaying them in the browser.

ini_set("display_errors", 0);
ini_set("log_errors", 1);

//Define where do you want the log to go, syslog or a file of your liking with
ini_set("error_log", "syslog"); // or ini_set("error_log", "/path/to/syslog/file");

PHP Error Reporting Production vs Development

Quoting the php-production.ini that should have come bundled with your PHP:

; PHP comes packaged with two INI files. One that is recommended to be used
; in production environments and one that is recommended to be used in
; development environments.

; php.ini-production contains settings which hold security, performance and
; best practices at its core. But please be aware, these settings may break
; compatibility with older or less security conscience applications. We
; recommending using the production ini in production and testing environments.

and further

; display_errors
;   Default Value: On
;   Development Value: On
;   Production Value: Off

; display_startup_errors
;   Default Value: Off
;   Development Value: On
;   Production Value: Off

; error_reporting
;   Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
;   Development Value: E_ALL
;   Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT

; html_errors
;   Default Value: On
;   Development Value: On
;   Production value: On

; log_errors
;   Default Value: Off
;   Development Value: On
;   Production Value: On

Since you asked for best practise, I suggest you go with that.

How can I make PHP display the error instead of giving me 500 Internal Server Error

Check the error_reporting, display_errors and display_startup_errors settings in your php.ini file. They should be set to E_ALL and "On" respectively (though you should not use display_errors on a production server, so disable this and use log_errors instead if/when you deploy it). You can also change these settings (except display_startup_errors) at the very beginning of your script to set them at runtime (though you may not catch all errors this way):

error_reporting(E_ALL);
ini_set('display_errors', 'On');

After that, restart server.

How do I get PHP errors to display?

This always works for me:

ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);

However, this doesn't make PHP to show parse errors - the only way to show those errors is to modify your php.ini with this line:

display_errors = on

(if you don't have access to php.ini, then putting this line in .htaccess might work too):

php_flag display_errors 1

How can I make PHP display the error instead of giving me 500 Internal Server Error NGINX + PHP7

What you placed at the top of your PHP.INI file is what you would use in an actual .php file to turn on error reporting / show errors on a per file bases. You do not add that to your PHP.INI file.

Example of use in a .php file:

<?php
error_reporting(E_ALL);
ini_set('display_errors', 'On');

If you search your PHP.INI file you will find error_reporting = E_ALL, and display_errors = On are set.

Notice the definitions in the PHP.INI file:

; This directive controls whether or not and where PHP will output errors,
; notices and warnings too. Error output is very useful during development, but
; it could be very dangerous in production environments. Depending on the code
; which is triggering the error, sensitive information could potentially leak
; out of your application such as database usernames and passwords or worse.
; For production environments, we recommend logging errors rather than
; sending them to STDOUT.
; Possible Values:
;   Off = Do not display any errors
;   stderr = Display errors to STDERR (affects only CGI/CLI binaries!)
;   On or stdout = Display errors to STDOUT
; Default Value: On
; Development Value: On
; Production Value: Off
; http://php.net/display-errors
display_errors = On

You should not display errors in a production environment. You don't want to reveal any extra information to any potential hackers. Also these errors will mean nothing to your users. You should just show a generic error page and log all your errors for your review.

In a development environment I would have them all on and display_startup_errors = On.

I see log_errors = On so you should be getting your error messages logged to:
/var/log/nginx/default-error.log. I suggest looking there to find your issue after you fix your PHP.INI file.

Turn off display errors using file php.ini

I always use something like this in a configuration file:

// Toggle this to change the setting
define('DEBUG', true);

// You want all errors to be triggered
error_reporting(E_ALL);

if(DEBUG == true)
{
    // You're developing, so you want all errors to be shown
    display_errors(true);

    // Logging is usually overkill during development
    log_errors(false);
}
else
{
    // You don't want to display errors on a production environment
    display_errors(false);

    // You definitely want to log any occurring
    log_errors(true);
}

This allows easy toggling between debug settings. You can improve this further by checking on which server the code is running (development, test, acceptance, and production) and change your settings accordingly.

Note that no errors will be logged if error_reporting is set to 0, as cleverly remarked by Korri.

How can I get useful error messages in PHP?

For syntax errors, you need to enable error display in the php.ini. By default these are turned off because you don't want a "customer" seeing the error messages. Check this page in the PHP documentation for information on the 2 directives: error_reporting and display_errors. display_errors is probably the one you want to change. If you can't modify the php.ini, you can also add the following lines to an .htaccess file:

php_flag  display_errors        on
php_value error_reporting       2039

You may want to consider using the value of E_ALL (as mentioned by Gumbo) for your version of PHP for error_reporting to get all of the errors. more info

3 other items: (1) You can check the error log file as it will have all of the errors (unless logging has been disabled). (2) Adding the following 2 lines will help you debug errors that are not syntax errors:

error_reporting(-1);
ini_set('display_errors', 'On');

(3) Another option is to use an editor that checks for errors when you type, such as PhpEd. PhpEd also comes with a debugger which can provide more detailed information. (The PhpEd debugger is very similar to xdebug and integrates directly into the editor so you use 1 program to do everything.)

Cartman's link is also very good: http://www.ibm.com/developerworks/library/os-debug/

---

Related Topics