Spend some time experimenting with the various levels
during the development process, at least until you??™re well aware of the various types
of reporting data that each configuration provides.
Displaying Errors to the Browser
Enabling the display_errors directive results in the display of any errors meeting the
criteria defined by error_reporting. You should have this directive enabled only
during testing and keep it disabled when the site is live. The display of such messages
not only is likely to further confuse the end user but could also provide more information
about your application/server than you might like to make available. For example,
suppose you are using a flat file to store newsletter subscriber e-mail addresses. Due
216 CHAPTER 8 ?– ERRO R AND EXCEPTION HANDL ING
to a permissions misconfiguration, the application could not write to the file. Yet rather
than catch the error and offer a user-friendly response, you instead opt to allow PHP
to report the matter to the end user. The displayed error would look something like this:
Warning: fopen(subscribers.txt): failed to open stream: Permission denied in
/home/www/htdocs/ 8/displayerrors.php on line 3
Granted, you??™ve already broken a cardinal rule by placing a sensitive file within the
document root tree, but now you??™ve greatly exacerbated the problem by informing
the user of the exact location and name of the file.
Pages:
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293