Production websites should not have big ugly php errors. If you leave display_errors on you are asking for trouble. Even worse is when this mistake is made on a site frequented by geeks of all flavors. PHP already has a “bad rap” for security (deserved or not).

The latest site to be a perpetrator of this problem? http://www.dilbert.com/ home of the great comic. (thanks to Pierre for pointing it out) But please, turn display_errors off and log them!

- here’s a pretty look at the site, recorded for posterity by webthumb.

I like to set up “environments” in my applications that deal with things like display_errors and other ini settings that can be altered at runtime that I want changed depending on if I’m debugging, testing, or deploying the application.

What’s your favorite PHP website error story?

Edit: I’ve found a couple of linkbacks saying things like “oh you shouldn’t turn errors off you should fix them” - I think you missed the point. I’m not advocating turning ERRORS off, I’m saying on a production site don’t be stupid and show them to the user - hence display_errors should be off (see, display_errors not error_reporting…errr duh). Log your errors people!

This entry was posted on Friday, April 18th, 2008 at 9:00 am and is filed under PHP5. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.