Question

Is error_reporting(0) the same as ini_set('display_errors', 0)? If not, what is the difference?

I'm also interested in the security side of this code. Can I achieve 'so malicious users can't probe' with this?

Solution

They are NOT the same, but in your use they may have the same outcome.

  1. error_reporting is the level of reporting, NONE through ALL. This determines what types of errors are reported (E_NOTICE, E_WARNING, E_ALL, etc.).

  2. display_errors is whether to display those errors (output to browser, CLI, etc.) that are reported from 1.

If you set error_reporting(E_ALL) and ini_set('display_errors', '0') you can still get all errors reported in the log file but not displayed.

With error_reporting(0) you don't get any errors displayed or in the log, and the value of display_errors doesn't matter.

display_errors should be off in your production applications, preferably in php.ini, so that information such as file paths, database names and usernames is not shown. Error reporting sent to the log is beneficial and should not be a security concern.
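As an added example (not part of the original answer), this PHP script, run from the CLI, shows for each of the three combinations described above whether a warning is displayed and whether it is written to the log. The function name probe, the temporary log file and the warning text are constructed for the demo.

```php
<?php
// Added demo: compares error_reporting and display_errors side by side.
// probe() is a hypothetical helper; the warning text is constructed.
function probe(int $level, string $display): array
{
    // Throwaway log file so the demo never touches the real error log.
    $log = tempnam(sys_get_temp_dir(), 'errlog');
    ini_set('log_errors', '1');
    ini_set('error_log', $log);

    error_reporting($level);              // which error types are reported at all
    ini_set('display_errors', $display);  // whether reported errors are echoed

    // Displayed errors go through PHP's output layer, so a buffer catches them.
    ob_start();
    trigger_error('constructed warning mentioning /var/www/app/db.php', E_USER_WARNING);
    $shown = ob_get_clean();

    $logged = (string) file_get_contents($log);
    unlink($log);

    return ['displayed' => $shown !== '', 'logged' => $logged !== ''];
}

$cases = [
    "error_reporting(E_ALL), display_errors '1'" => [E_ALL, '1'],
    "error_reporting(E_ALL), display_errors '0'" => [E_ALL, '0'],
    "error_reporting(0),     display_errors '1'" => [0, '1'],
];

foreach ($cases as $name => [$level, $display]) {
    $r = probe($level, $display);
    printf(
        "%-46s displayed=%-3s logged=%s\n",
        $name,
        $r['displayed'] ? 'yes' : 'no',
        $r['logged'] ? 'yes' : 'no'
    );
}
```

The second case is the production combination the answer recommends: nothing reaches the client, while the full message, including the file path, stays available in the log.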

Licensed under: CC-BY-SA with attribution