PHP: Error Reporting

<!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" lang="en"> <head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>PHP: Error Reporting - Manual </title> <link rel="icon" type="image/svg+xml" sizes="any" href="https://www.php.net/favicon.svg?v=2"> <link rel="icon" type="image/png" sizes="196x196" href="https://www.php.net/favicon-196x196.png?v=2"> <link rel="icon" type="image/png" sizes="32x32" href="https://www.php.net/favicon-32x32.png?v=2"> <link rel="icon" type="image/png" sizes="16x16" href="https://www.php.net/favicon-16x16.png?v=2"> <link rel="shortcut icon" href="https://www.php.net/favicon.ico?v=2"> <link rel="search" type="application/opensearchdescription+xml" href="http://php.net/phpnetimprovedsearch.src" title="Add PHP.net search"> <link rel="alternate" type="application/atom+xml" href="https://www.php.net/releases/feed.php" title="PHP Release feed"> <link rel="alternate" type="application/atom+xml" href="https://www.php.net/feed.atom" title="PHP: Hypertext Preprocessor"> <link rel="canonical" href="https://www.php.net/manual/en/security.errors.php"> <link rel="shorturl" href="https://www.php.net/manual/en/security.errors.php"> <link rel="alternate" href="https://www.php.net/manual/en/security.errors.php" hreflang="x-default"> <link rel="contents" href="https://www.php.net/manual/en/index.php"> <link rel="index" href="https://www.php.net/manual/en/security.php"> <link rel="prev" href="https://www.php.net/manual/en/security.database.sql-injection.php"> <link rel="next" href="https://www.php.net/manual/en/security.variables.php"> <link rel="alternate" href="https://www.php.net/manual/en/security.errors.php" hreflang="en"> <link rel="alternate" href="https://www.php.net/manual/de/security.errors.php" hreflang="de"> <link rel="alternate" href="https://www.php.net/manual/es/security.errors.php" hreflang="es"> <link rel="alternate" href="https://www.php.net/manual/fr/security.errors.php" hreflang="fr"> <link rel="alternate" href="https://www.php.net/manual/it/security.errors.php" hreflang="it"> <link rel="alternate" href="https://www.php.net/manual/ja/security.errors.php" hreflang="ja"> <link rel="alternate" href="https://www.php.net/manual/pt_BR/security.errors.php" hreflang="pt_BR"> <link rel="alternate" href="https://www.php.net/manual/ru/security.errors.php" hreflang="ru"> <link rel="alternate" href="https://www.php.net/manual/tr/security.errors.php" hreflang="tr"> <link rel="alternate" href="https://www.php.net/manual/uk/security.errors.php" hreflang="uk"> <link rel="alternate" href="https://www.php.net/manual/zh/security.errors.php" hreflang="zh"> <link rel="stylesheet" type="text/css" href="/cached.php?t=1707321815&f=/fonts/Fira/fira.css" media="screen"> <link rel="stylesheet" type="text/css" href="/cached.php?t=1707321815&f=/fonts/Font-Awesome/css/fontello.css" media="screen"> <link rel="stylesheet" type="text/css" href="/cached.php?t=1732428602&f=/styles/theme-base.css" media="screen"> <link rel="stylesheet" type="text/css" href="/cached.php?t=1730558402&f=/styles/theme-medium.css" media="screen"> <base href="https://www.php.net/manual/en/security.errors.php"> <meta name="Description" content="PHP is a popular general-purpose scripting language that powers everything from your blog to the most popular websites in the world." /> <meta name="twitter:card" content="summary_large_image" /> <meta name="twitter:site" content="@official_php" /> <meta name="twitter:title" content="PHP: Hypertext Preprocessor" /> <meta name="twitter:description" content="PHP is a popular general-purpose scripting language that powers everything from your blog to the most popular websites in the world." /> <meta name="twitter:creator" content="@official_php" /> <meta name="twitter:image:src" content="https://www.php.net/images/meta-image.png" /> <meta itemprop="name" content="PHP: Hypertext Preprocessor" /> <meta itemprop="description" content="PHP is a popular general-purpose scripting language that powers everything from your blog to the most popular websites in the world." /> <meta itemprop="image" content="https://www.php.net/images/meta-image.png" /> <meta property="og:image" content="https://www.php.net/images/meta-image.png" /> <meta property="og:description" content="PHP is a popular general-purpose scripting language that powers everything from your blog to the most popular websites in the world." /> <link href="https://fosstodon.org/@php" rel="me" /> </head> <body class="docs "> <nav class="navbar navbar-fixed-top"> <div class="navbar__inner"> <a href="/" aria-label="PHP Home" class="navbar__brand"> <img src="/images/logos/php-logo-white.svg" aria-hidden="true" width="80" height="40" > </a> <div id="navbar__offcanvas" tabindex="-1" class="navbar__offcanvas" aria-label="Menu" > <button id="navbar__close-button" class="navbar__icon-item navbar_icon-item--visually-aligned navbar__close-button" > <svg xmlns="http://www.w3.org/2000/svg" width="24" viewBox="0 0 24 24" fill="currentColor"><path d="M19,6.41L17.59,5L12,10.59L6.41,5L5,6.41L10.59,12L5,17.59L6.41,19L12,13.41L17.59,19L19,17.59L13.41,12L19,6.41Z" /></svg> </button> <ul class="navbar__nav"> <li class="navbar__item"> <a href="/downloads.php" class="navbar__link " > Downloads </a> </li> <li class="navbar__item"> <a href="/docs.php" aria-current="page" class="navbar__link navbar__link--active " > Documentation </a> </li> <li class="navbar__item"> <a href="/get-involved.php" class="navbar__link " > Get Involved </a> </li> <li class="navbar__item"> <a href="/support.php" class="navbar__link " > Help </a> </li> <li class="navbar__item"> <a href="/releases/8.4/index.php" class="navbar__link navbar__release" > <img src="/images/php8/logo_php8_4.svg" alt="PHP 8.4"> </a> </li> </ul> </div> <div class="navbar__right">  <form action="/manual-lookup.php" class="navbar__search-form" > <label for="navbar__search-input" aria-label="Search docs"> <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" width="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" > <circle cx="11" cy="11" r="8"></circle> <line x1="21" y1="21" x2="16.65" y2="16.65"></line> </svg> </label> <input type="search" name="pattern" id="navbar__search-input" class="navbar__search-input" placeholder="Search docs" accesskey="s" > <input type="hidden" name="scope" value="quickref"> </form>  <button id="navbar__search-button" class="navbar__search-button" hidden > <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" width="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" > <circle cx="11" cy="11" r="8"></circle> <line x1="21" y1="21" x2="16.65" y2="16.65"></line> </svg> Search docs </button>  <a id="navbar__search-link" href="/lookup-form.php" aria-label="Search docs" class="navbar__icon-item navbar__search-link" > <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" width="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" > <circle cx="11" cy="11" r="8"></circle> <line x1="21" y1="21" x2="16.65" y2="16.65"></line> </svg> </a> <a id="navbar__menu-link" href="/menu.php" aria-label="Menu" class="navbar__icon-item navbar_icon-item--visually-aligned navbar_menu-link" > <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" width="24" viewBox="0 0 24 24" fill="currentColor" > <path d="M3,6H21V8H3V6M3,11H21V13H3V11M3,16H21V18H3V16Z" /> </svg> </a>  <button id="navbar__search-button-mobile" aria-label="Search docs" class="navbar__icon-item navbar__search-button-mobile" hidden > <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" width="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" > <circle cx="11" cy="11" r="8"></circle> <line x1="21" y1="21" x2="16.65" y2="16.65"></line> </svg> </button> <button id="navbar__menu-button" aria-label="Menu" class="navbar__icon-item navbar_icon-item--visually-aligned" hidden > <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" width="24" viewBox="0 0 24 24" fill="currentColor" > <path d="M3,6H21V8H3V6M3,11H21V13H3V11M3,16H21V18H3V16Z" /> </svg> </button> </div> <div id="navbar__backdrop" class="navbar__backdrop" ></div> </div> <div id="flash-message"></div> </nav> <div class="headsup"><a href='/index.php#2024-11-21-4'>PHP 8.4.1 Released!</a></div> <nav id="trick"><div><dl> <dt><a href='/manual/en/getting-started.php'>Getting Started</a></dt> <dd><a href='/manual/en/introduction.php'>Introduction</a></dd> <dd><a href='/manual/en/tutorial.php'>A simple tutorial</a></dd> <dt><a href='/manual/en/langref.php'>Language Reference</a></dt> <dd><a href='/manual/en/language.basic-syntax.php'>Basic syntax</a></dd> <dd><a href='/manual/en/language.types.php'>Types</a></dd> <dd><a href='/manual/en/language.variables.php'>Variables</a></dd> <dd><a href='/manual/en/language.constants.php'>Constants</a></dd> <dd><a href='/manual/en/language.expressions.php'>Expressions</a></dd> <dd><a href='/manual/en/language.operators.php'>Operators</a></dd> <dd><a href='/manual/en/language.control-structures.php'>Control Structures</a></dd> <dd><a href='/manual/en/language.functions.php'>Functions</a></dd> <dd><a href='/manual/en/language.oop5.php'>Classes and Objects</a></dd> <dd><a href='/manual/en/language.namespaces.php'>Namespaces</a></dd> <dd><a href='/manual/en/language.enumerations.php'>Enumerations</a></dd> <dd><a href='/manual/en/language.errors.php'>Errors</a></dd> <dd><a href='/manual/en/language.exceptions.php'>Exceptions</a></dd> <dd><a href='/manual/en/language.fibers.php'>Fibers</a></dd> <dd><a href='/manual/en/language.generators.php'>Generators</a></dd> <dd><a href='/manual/en/language.attributes.php'>Attributes</a></dd> <dd><a href='/manual/en/language.references.php'>References Explained</a></dd> <dd><a href='/manual/en/reserved.variables.php'>Predefined Variables</a></dd> <dd><a href='/manual/en/reserved.exceptions.php'>Predefined Exceptions</a></dd> <dd><a href='/manual/en/reserved.interfaces.php'>Predefined Interfaces and Classes</a></dd> <dd><a href='/manual/en/reserved.attributes.php'>Predefined Attributes</a></dd> <dd><a href='/manual/en/context.php'>Context options and parameters</a></dd> <dd><a href='/manual/en/wrappers.php'>Supported Protocols and Wrappers</a></dd> </dl> <dl> <dt><a href='/manual/en/security.php'>Security</a></dt> <dd><a href='/manual/en/security.intro.php'>Introduction</a></dd> <dd><a href='/manual/en/security.general.php'>General considerations</a></dd> <dd><a href='/manual/en/security.cgi-bin.php'>Installed as CGI binary</a></dd> <dd><a href='/manual/en/security.apache.php'>Installed as an Apache module</a></dd> <dd><a href='/manual/en/security.sessions.php'>Session Security</a></dd> <dd><a href='/manual/en/security.filesystem.php'>Filesystem Security</a></dd> <dd><a href='/manual/en/security.database.php'>Database Security</a></dd> <dd><a href='/manual/en/security.errors.php'>Error Reporting</a></dd> <dd><a href='/manual/en/security.variables.php'>User Submitted Data</a></dd> <dd><a href='/manual/en/security.hiding.php'>Hiding PHP</a></dd> <dd><a href='/manual/en/security.current.php'>Keeping Current</a></dd> <dt><a href='/manual/en/features.php'>Features</a></dt> <dd><a href='/manual/en/features.http-auth.php'>HTTP authentication with PHP</a></dd> <dd><a href='/manual/en/features.cookies.php'>Cookies</a></dd> <dd><a href='/manual/en/features.sessions.php'>Sessions</a></dd> <dd><a href='/manual/en/features.file-upload.php'>Handling file uploads</a></dd> <dd><a href='/manual/en/features.remote-files.php'>Using remote files</a></dd> <dd><a href='/manual/en/features.connection-handling.php'>Connection handling</a></dd> <dd><a href='/manual/en/features.persistent-connections.php'>Persistent Database Connections</a></dd> <dd><a href='/manual/en/features.commandline.php'>Command line usage</a></dd> <dd><a href='/manual/en/features.gc.php'>Garbage Collection</a></dd> <dd><a href='/manual/en/features.dtrace.php'>DTrace Dynamic Tracing</a></dd> </dl> <dl> <dt><a href='/manual/en/funcref.php'>Function Reference</a></dt> <dd><a href='/manual/en/refs.basic.php.php'>Affecting PHP's Behaviour</a></dd> <dd><a href='/manual/en/refs.utilspec.audio.php'>Audio Formats Manipulation</a></dd> <dd><a href='/manual/en/refs.remote.auth.php'>Authentication Services</a></dd> <dd><a href='/manual/en/refs.utilspec.cmdline.php'>Command Line Specific Extensions</a></dd> <dd><a href='/manual/en/refs.compression.php'>Compression and Archive Extensions</a></dd> <dd><a href='/manual/en/refs.crypto.php'>Cryptography Extensions</a></dd> <dd><a href='/manual/en/refs.database.php'>Database Extensions</a></dd> <dd><a href='/manual/en/refs.calendar.php'>Date and Time Related Extensions</a></dd> <dd><a href='/manual/en/refs.fileprocess.file.php'>File System Related Extensions</a></dd> <dd><a href='/manual/en/refs.international.php'>Human Language and Character Encoding Support</a></dd> <dd><a href='/manual/en/refs.utilspec.image.php'>Image Processing and Generation</a></dd> <dd><a href='/manual/en/refs.remote.mail.php'>Mail Related Extensions</a></dd> <dd><a href='/manual/en/refs.math.php'>Mathematical Extensions</a></dd> <dd><a href='/manual/en/refs.utilspec.nontext.php'>Non-Text MIME Output</a></dd> <dd><a href='/manual/en/refs.fileprocess.process.php'>Process Control Extensions</a></dd> <dd><a href='/manual/en/refs.basic.other.php'>Other Basic Extensions</a></dd> <dd><a href='/manual/en/refs.remote.other.php'>Other Services</a></dd> <dd><a href='/manual/en/refs.search.php'>Search Engine Extensions</a></dd> <dd><a href='/manual/en/refs.utilspec.server.php'>Server Specific Extensions</a></dd> <dd><a href='/manual/en/refs.basic.session.php'>Session Extensions</a></dd> <dd><a href='/manual/en/refs.basic.text.php'>Text Processing</a></dd> <dd><a href='/manual/en/refs.basic.vartype.php'>Variable and Type Related Extensions</a></dd> <dd><a href='/manual/en/refs.webservice.php'>Web Services</a></dd> <dd><a href='/manual/en/refs.utilspec.windows.php'>Windows Only Extensions</a></dd> <dd><a href='/manual/en/refs.xml.php'>XML Manipulation</a></dd> <dd><a href='/manual/en/refs.ui.php'>GUI Extensions</a></dd> </dl> <dl> <dt>Keyboard Shortcuts</dt><dt>?</dt> <dd>This help</dd> <dt>j</dt> <dd>Next menu item</dd> <dt>k</dt> <dd>Previous menu item</dd> <dt>g p</dt> <dd>Previous man page</dd> <dt>g n</dt> <dd>Next man page</dd> <dt>G</dt> <dd>Scroll to bottom</dd> <dt>g g</dt> <dd>Scroll to top</dd> <dt>g h</dt> <dd>Goto homepage</dd> <dt>g s</dt> <dd>Goto search<br>(current page)</dd> <dt>/</dt> <dd>Focus search box</dd> </dl></div></nav> <div id="goto"> <div class="search"> <div class="text"></div> <div class="results"><ul></ul></div> </div> </div> <div id="breadcrumbs" class="clearfix"> <div id="breadcrumbs-inner"> <div class="next"> <a href="security.variables.php"> User Submitted Data » </a> </div> <div class="prev"> <a href="security.database.sql-injection.php"> « SQL Injection </a> </div> <ul> <li><a href='index.php'>PHP Manual</a></li> <li><a href='security.php'>Security</a></li> </ul> </div> </div> <div id="layout" class="clearfix"> <section id="layout-content"> <div class="page-tools"> <div class="change-language"> <form action="/manual/change.php" method="get" id="changelang" name="changelang"> <fieldset> <label for="changelang-langs">Change language:</label> <select onchange="document.changelang.submit()" name="page" id="changelang-langs"> <option value='en/security.errors.php' selected="selected">English</option> <option value='de/security.errors.php'>German</option> <option value='es/security.errors.php'>Spanish</option> <option value='fr/security.errors.php'>French</option> <option value='it/security.errors.php'>Italian</option> <option value='ja/security.errors.php'>Japanese</option> <option value='pt_BR/security.errors.php'>Brazilian Portuguese</option> <option value='ru/security.errors.php'>Russian</option> <option value='tr/security.errors.php'>Turkish</option> <option value='uk/security.errors.php'>Ukrainian</option> <option value='zh/security.errors.php'>Chinese (Simplified)</option> <option value='help-translate.php'>Other</option> </select> </fieldset> </form> </div> </div><div id="security.errors" class="chapter"> <h1 class="title">Error Reporting</h1> <p class="para"> With PHP security, there are two sides to error reporting. One is beneficial to increasing security, the other is detrimental. </p> <p class="para"> A standard attack tactic involves profiling a system by feeding it improper data, and checking for the kinds, and contexts, of the errors which are returned. This allows the system cracker to probe for information about the server, to determine possible weaknesses. For example, if an attacker had gleaned information about a page based on a prior form submission, they may attempt to override variables, or modify them: <div class="example" id="example-467"> <p><strong>Example #1 Attacking Variables with a custom HTML page</strong></p> <div class="example-contents"> <div class="htmlcode"><pre class="htmlcode"><form method="post" action="attacktarget?username=badfoo&amp;password=badfoo"> <input type="hidden" name="username" value="badfoo" /> <input type="hidden" name="password" value="badfoo" /> </form></pre> </div> </div> </div> </p> <p class="para"> The PHP errors which are normally returned can be quite helpful to a developer who is trying to debug a script, indicating such things as the function or file that failed, the PHP file it failed in, and the line number which the failure occurred in. This is all information that can be exploited. It is not uncommon for a php developer to use <span class="function"><a href="function.show-source.php" class="function">show_source()</a></span>, <span class="function"><a href="function.highlight-string.php" class="function">highlight_string()</a></span>, or <span class="function"><a href="function.highlight-file.php" class="function">highlight_file()</a></span> as a debugging measure, but in a live site, this can expose hidden variables, unchecked syntax, and other dangerous information. Especially dangerous is running code from known sources with built-in debugging handlers, or using common debugging techniques. If the attacker can determine what general technique you are using, they may try to brute-force a page, by sending various common debugging strings: <div class="example" id="example-468"> <p><strong>Example #2 Exploiting common debugging variables</strong></p> <div class="example-contents"> <div class="htmlcode"><pre class="htmlcode"><form method="post" action="attacktarget?errors=Y&amp;showerrors=1&amp;debug=1"> <input type="hidden" name="errors" value="Y" /> <input type="hidden" name="showerrors" value="1" /> <input type="hidden" name="debug" value="1" /> </form></pre> </div> </div> </div> </p> <p class="para"> Regardless of the method of error handling, the ability to probe a system for errors leads to providing an attacker with more information. </p> <p class="para"> For example, the very style of a generic PHP error indicates a system is running PHP. If the attacker was looking at an <code class="literal">.html</code> page, and wanted to probe for the back-end (to look for known weaknesses in the system), by feeding it the wrong data they may be able to determine that a system was built with PHP. </p> <p class="para"> A function error can indicate whether a system may be running a specific database engine, or give clues as to how a web page or programmed or designed. This allows for deeper investigation into open database ports, or to look for specific bugs or weaknesses in a web page. By feeding different pieces of bad data, for example, an attacker can determine the order of authentication in a script, (from the line number errors) as well as probe for exploits that may be exploited in different locations in the script. </p> <p class="para"> A filesystem or general PHP error can indicate what permissions the web server has, as well as the structure and organization of files on the web server. Developer written error code can aggravate this problem, leading to easy exploitation of formerly "hidden" information. </p> <p class="para"> There are three major solutions to this issue. The first is to scrutinize all functions, and attempt to compensate for the bulk of the errors. The second is to disable error reporting entirely on the running code. The third is to use PHP's custom error handling functions to create your own error handler. Depending on your security policy, you may find all three to be applicable to your situation. </p> <p class="para"> One way of catching this issue ahead of time is to make use of PHP's own <span class="function"><a href="function.error-reporting.php" class="function">error_reporting()</a></span>, to help you secure your code and find variable usage that may be dangerous. By testing your code, prior to deployment, with <strong><code><a href="errorfunc.constants.php#constant.e-all">E_ALL</a></code></strong>, you can quickly find areas where your variables may be open to poisoning or modification in other ways. Once you are ready for deployment, you should either disable error reporting completely by setting <span class="function"><a href="function.error-reporting.php" class="function">error_reporting()</a></span> to 0, or turn off the error display using the <var class="filename">php.ini</var> option <code class="literal">display_errors</code>, to insulate your code from probing. If you choose to do the latter, you should also define the path to your log file using the <code class="literal">error_log</code> ini directive, and turn <code class="literal">log_errors</code> on. <div class="example" id="example-469"> <p><strong>Example #3 Finding dangerous variables with E_ALL</strong></p> <div class="example-contents"> <div class="phpcode"><code><span style="color: #000000"><span style="color: #0000BB"><?php<br /></span><span style="color: #007700">if (</span><span style="color: #0000BB">$username</span><span style="color: #007700">) { </span><span style="color: #FF8000">// Not initialized or checked before usage<br /> </span><span style="color: #0000BB">$good_login </span><span style="color: #007700">= </span><span style="color: #0000BB">1</span><span style="color: #007700">;<br />}<br />if (</span><span style="color: #0000BB">$good_login </span><span style="color: #007700">== </span><span style="color: #0000BB">1</span><span style="color: #007700">) { </span><span style="color: #FF8000">// If above test fails, not initialized or checked before usage<br /> </span><span style="color: #0000BB">readfile </span><span style="color: #007700">(</span><span style="color: #DD0000">"/highly/sensitive/data/index.html"</span><span style="color: #007700">);<br />}<br /></span><span style="color: #0000BB">?></span></span></code></div> </div> </div> </p> </div> <div class="contribute"> <h3 class="title">Found A Problem?</h3> <div> </div> <div class="edit-bug"> <a href="https://github.com/php/doc-base/blob/master/README.md" title="This will take you to our contribution guidelines on GitHub" target="_blank" rel="noopener noreferrer">Learn How To Improve This Page</a> • <a href="https://github.com/php/doc-en/blob/master/security/errors.xml">Submit a Pull Request</a> • <a href="https://github.com/php/doc-en/issues/new?body=From%20manual%20page:%20https:%2F%2Fphp.net%2Fsecurity.errors%0A%0A---">Report a Bug</a> </div> </div><section id="usernotes"> <div class="head"> <span class="action"><a href="/manual/add-note.php?sect=security.errors&repo=en&redirect=https://www.php.net/manual/en/security.errors.php">＋<small>add a note</small></a></span> <h3 class="title">User Contributed Notes <span class="count">1 note</span></h3> </div><div id="allnotes"> <div class="note" id="88727"> <div class="votes"> <div id="Vu88727"> <a href="/manual/vote-note.php?id=88727&page=security.errors&vote=up" title="Vote up!" class="usernotes-voteu">up</a> </div> <div id="Vd88727"> <a href="/manual/vote-note.php?id=88727&page=security.errors&vote=down" title="Vote down!" class="usernotes-voted">down</a> </div> <div class="tally" id="V88727" title="55% like this..."> 15 </div> </div> <a href="#88727" class="name"> <strong class="user"><em>earlz- -NO SPAM-- at earlz dot biz DOT tm</em></strong></a><a class="genanchor" href="#88727"> ¶</a><div class="date" title="2009-02-04 02:11"><strong>15 years ago</strong></div> <div class="text" id="Hcom88727"> <div class="phpcode"><code><span class="html">Note for those of you using OpenBSD and PHP. The default php.ini has display_errors=off . This is contrary to the PHP default of display_errors=on . If your having trouble seeing errors on OpenBSD make sure to edit your php.ini to have display_errors=on. (I had this problem on OpenBSD 4.4)</span></code></div> </div> </div></div> <div class="foot"><a href="/manual/add-note.php?sect=security.errors&repo=en&redirect=https://www.php.net/manual/en/security.errors.php">＋<small>add a note</small></a></div> </section> </section> <aside class='layout-menu'> <ul class='parent-menu-list'> <li> <a href="security.php">Security</a> <ul class='child-menu-list'> <li class=""> <a href="security.intro.php" title="Introduction">Introduction</a> </li> <li class=""> <a href="security.general.php" title="General considerations">General considerations</a> </li> <li class=""> <a href="security.cgi-bin.php" title="Installed as CGI binary">Installed as CGI binary</a> </li> <li class=""> <a href="security.apache.php" title="Installed as an Apache module">Installed as an Apache module</a> </li> <li class=""> <a href="security.sessions.php" title="Session Security">Session Security</a> </li> <li class=""> <a href="security.filesystem.php" title="Filesystem Security">Filesystem Security</a> </li> <li class=""> <a href="security.database.php" title="Database Security">Database Security</a> </li> <li class="current"> <a href="security.errors.php" title="Error Reporting">Error Reporting</a> </li> <li class=""> <a href="security.variables.php" title="User Submitted Data">User Submitted Data</a> </li> <li class=""> <a href="security.hiding.php" title="Hiding PHP">Hiding PHP</a> </li> <li class=""> <a href="security.current.php" title="Keeping Current">Keeping Current</a> </li> </ul> </li> </ul> </aside> </div> <footer> <div class="container footer-content"> <div class="row-fluid"> <ul class="footmenu"> <li><a href="/manual/en/copyright.php">Copyright © 2001-2024 The PHP Documentation Group</a></li> <li><a href="/my.php">My PHP.net</a></li> <li><a href="/contact.php">Contact</a></li> <li><a href="/sites.php">Other PHP.net sites</a></li> <li><a href="/privacy.php">Privacy policy</a></li> </ul> </div> </div> </footer> <script src="/cached.php?t=1731172202&f=/js/ext/jquery-3.6.0.min.js"></script> <script src="/cached.php?t=1723177202&f=/js/ext/FuzzySearch.min.js"></script> <script src="/cached.php?t=1707321815&f=/js/ext/mousetrap.min.js"></script> <script src="/cached.php?t=1707321815&f=/js/ext/jquery.scrollTo.min.js"></script> <script src="/cached.php?t=1730558402&f=/js/search.js"></script> <script src="/cached.php?t=1731172202&f=/js/common.js"></script> <a id="toTop" href="javascript:;"><span id="toTopHover"></span><img width="40" height="40" alt="To Top" src="/images/to-top@2x.png"></a> <div id="search-modal__backdrop" class="search-modal__backdrop"> <div role="dialog" aria-label="Search modal" id="search-modal" class="search-modal" > <div class="search-modal__header"> <div class="search-modal__form"> <div class="search-modal__input-icon">  <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" width="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" > <circle cx="11" cy="11" r="8"></circle> <line x1="21" y1="21" x2="16.65" y2="16.65"></line> </svg> </div> <input type="search" id="search-modal__input" class="search-modal__input" placeholder="Search docs" aria-label="Search docs" /> </div> <button aria-label="Close" class="search-modal__close">  <svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" width="24" viewBox="0 0 24 24" > <path d="M19,6.41L17.59,5L12,10.59L6.41,5L5,6.41L10.59,12L5,17.59L6.41,19L12,13.41L17.59,19L19,17.59L13.41,12L19,6.41Z"/> </svg> </button> </div> <div role="listbox" aria-label="Search results" id="search-modal__results" class="search-modal__results" ></div> <div class="search-modal__helper-text"> <div> <kbd>↑</kbd> and <kbd>↓</kbd> to navigate • <kbd>Enter</kbd> to select • <kbd>Esc</kbd> to close </div> <div> Press <kbd>Enter</kbd> without selection to search using Google </div> </div> </div> </div> </body> </html>

CINXE.COM

PHP: Error Reporting - Manual