PHP has some very nice error reporting features, which can tell you many things about the code that you are trying to execute. This error reporting is always nice to have available when debugging code as it helps you solve many of the common mistakes that occur when creating dynamic web pages.
However, this error reporting is almost always turned off on production servers as it can reveal information about the server that you wouldn’t want everyone to see. For example, the errors can reveal information about server file structure, database fields in queries, database usernames, $_GET and $_POST commands and so on.
So what happens when you are working on a server that has error reporting turned off? How can you view any of the errors without risking the security of the system? There are a few ways in which to turn on error reporting without altering the php.ini file and restarting the server. Note that this article describes error reporting and is not intended to describe error handling or triggering of custom errors.
You can set many of the values in the php.ini file by using the ini_set() function. It has the following syntax:
string ini_set( string varname, string newvalue )
This sets the configuration directive with the value in the second parameter. The function returns the previous configuration option as a string. If you want to know what the current value of the varname is then you can use the ini_get function as follows:
string ini_get( string varname )
This returns the current value of the configuration directive, as set in the php.ini file.
To turn on error reporting you need to use two of the configuration directives together, error_reporing to report the errors and display_errors to actually display them. See Appendix A for a list of the configuration directives to do with errors.
Here is an example of ini_set in use.
- ini_set('error_reporting', E_ALL & ~E_NOTICE);
- /* more code */
- include('foo.bar'); // non existent file – causes warning
The E_ALL and E_NOTICE are values are constants; see Appendix B for a list of all of the available constant values.
Setting error reporting at runtime has a couple of limitations. though display_errors may be set at runtime (with ini_set()), it won't have any affect if the script has fatal errors. This is because the desired runtime action does not get executed. So when the code has a syntax error or a fatal error it simply stops and displays a blank screen. So to get around this you can set the configuration directives at the top of one file and include the file you want to test below it, this will display all errors on the include.
- ini_set ('error_reporting', E_ALL & ~E_NOTICE);
- ini_set ('display_errors',1);
This function does the same thing as setting the two configuration directives used in the last method. It just provides a simple mechanism of setting the level of error, but you will still need to use the display_errors directive to actually display the errors if this has been turned off in the php.ini file.
If you don’t want to mess about with changing any configuration directives you can use the error_get_last function. It returns an associative array containing a list of the errors that occurred during code execution. Here is an example of its use.
- echo $a;
- echo "<pre>";
- echo "</pre>";
This will print out the following information.
- [type] => 8
- [message] => Undefined variable: a
- [file] => C:\htdocs\test.php
- [line] => 2
Although this function can be useful it does have its limitations. For example it can only be used to print off warnings and notices as fatal errors will just stop the script and never call this function.
debug_backtrace() and debug_print_backtrace()
These functions are mentioned here as they are quite useful for seeing where a program is going wrong if it generates no errors.
This function has been available since PHP 4 and is used to generate a back trace of program execution. It returns an associative array containing a bunch of variables to do with any functions that have been executed. This includes system functions such as include() and strstr().
Only available since PHP 5 this function prints a back trace. This is basically a list of the function calls, included or required files and eval()ed stuff.
A little known option with Apache is to set PHP configuration directives at runtime through .htaccess file useage. There are two options available depending on the value that you are trying to change. The php_flag option is used if the configuration option has a boolean data type. The php_value option is used if the configuration option has an integer or string data type. The format is as follows:
- php_flag configuration_name on|off
- php_value configuration_name value
So to display errors in a script just include a .htaccess file in the same directory containing the following:
- php_value error_reporting 8191
- php_flag display_errors on
Note that in order to turn error reporting on you need to use the value and not the constant as Apache has no knowledge of the constants that PHP contains.