CodeIgniter Forums
PHP error handling security - Printable Version




PHP error handling security - Diederik Van Hoorebeke - 11-13-2015

I've noticed that the full path to a PHP file is shown when an error is displayed. This is not supposed to happen.

   

When I check the Exceptions class, the following is mentioned: "For safety reasons we don't show the full file path in non-CLI requests". But that only works for the variables available in the error templates.

Is it possible to show only the rendered error messages, and not the PHP-rendered error message added at the top? Disabling the error reporting is not the solution.


RE: PHP error handling security - Narf - 11-13-2015

Disabling error reporting isn't the solution, indeed.
Disabling error displaying is the solution.


RE: PHP error handling security - kenjis - 11-13-2015

If you don't want to show errors on a production server,
set CI_ENV to production.
See https://www.codeigniter.com/user_guide/general/environments.html


RE: PHP error handling security - acemary - 12-20-2015

Hello There!
Very good article, but still I am unable to understand exceptions.
I got every bit of error handling, but I am getting to understand exceptions.
Please, if anybody can help me in understanding PHP exceptions. I searched through Google a lot for this, but none of them are quite able to help me in completely understanding it.
Even if you have a useful resource, please provide the link and share it with me.
Any help in this matter will be appreciated a lot.
Accept my thanks in advance..... http://www.besanttechnologies.com/training-courses/php-training/php-training-institute-in-chennai | http://www.besanttechnologies.com/training-courses/web-designing-training


RE: PHP error handling security - dibyendudas - 12-20-2015

(12-20-2015, 02:41 AM)acemary Wrote: Hello There!
Very good article, but still I am unable to understand exceptions.
I got every bit of error handling, but I am getting to understand exceptions.
Please, if anybody can help me in understanding PHP exceptions. I searched through Google a lot for this, but none of them are quite able to help me in completely understanding it.
Even if you have a useful resource, please provide the link and share it with me.
Any help in this matter will be appreciated a lot.
Accept my thanks in advance..... http://www.besanttechnologies.com/training-courses/php-training/php-training-institute-in-chennai | http://www.besanttechnologies.com/training-courses/web-designing-training

I found a solution for you.
This solution is not pre-defined by PHP.
I wrote some custom code in Exceptions.php, and I found this problem is gone; maybe this will help you.

1. First you need to open system/core/Exceptions.php
2. In there you will find a function called "show_php_error".
3. You need to put some lines of code at the top of the function.
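Code:
// Only rewrite messages that embed a caller location ("... called in <file> on line N")
if (strpos($message, 'called in') !== FALSE) {
    // Normalise DOCUMENT_ROOT to backslashes, then strip it from the message
    $server  = str_replace(array('/', '\\'), array('\\', '\\'), $_SERVER['DOCUMENT_ROOT']);
    $message = str_replace($server, '', $message);
}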
Your problem will be solved.
Reply to me by email if your problem is solved.
[email protected]


RE: PHP error handling security - InsiteFX - 12-21-2015

You should never edit and add code to a ./system/core file!

You take and extend that file, not edit it.
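
One way to apply the path stripping from the earlier reply without touching system/core, as an added example that is not code from any poster in this thread or from CodeIgniter itself. It assumes CodeIgniter 3 with the default MY_ subclass prefix and the file saved as application/core/MY_Exceptions.php; redact_paths() and the [app] placeholder are hypothetical names, and the sample message is constructed.

```php
<?php
// Added example, not CodeIgniter's or any poster's code.
// Assumed location: application/core/MY_Exceptions.php (default 'MY_' subclass_prefix).

// Hypothetical helper: replace known base directories in an error message.
// Each root is tried in both slash styles so Windows and Unix paths are covered.
function redact_paths($message, array $roots)
{
    // Longest root first, so a nested directory is not left half-replaced.
    usort($roots, function ($a, $b) { return strlen($b) - strlen($a); });
    foreach ($roots as $root) {
        $root = rtrim((string) $root, '/\\');
        if ($root === '') {
            continue; // an empty root or a bare "/" must never be used as a needle
        }
        $variants = array_unique(array(
            $root,
            str_replace('\\', '/', $root),
            str_replace('/', '\\', $root),
        ));
        $message = str_ireplace($variants, '[app]', $message);
    }
    return $message;
}

// Inside CodeIgniter the core class is already loaded when this file is required.
if (class_exists('CI_Exceptions', FALSE)) {
    class MY_Exceptions extends CI_Exceptions
    {
        public function show_php_error($severity, $message, $filepath, $line)
        {
            // Clean the message text; the parent still shortens $filepath itself.
            $roots = array(FCPATH, APPPATH, BASEPATH);
            parent::show_php_error($severity, redact_paths($message, $roots), $filepath, $line);
        }
    }
}

// Constructed sample message and root, for a stand-alone run outside CodeIgniter.
if (PHP_SAPI === 'cli' && ! defined('BASEPATH')) {
    $sample = 'Argument 1 passed to Foo::bar() must be an array, string given, '
            . 'called in C:\\xampp\\htdocs\\shop\\application\\controllers\\Cart.php on line 12';
    echo redact_paths($sample, array('C:/xampp/htdocs/shop/')), PHP_EOL;
}
```

This only changes what the error template renders; turning off display_errors on production, as suggested earlier in the thread, is still what keeps the messages off the page entirely.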


RE: PHP error handling security - amargow - 09-12-2018

Errors vs. Exceptions
Many use error handling and exception handling interchangeably. When we say error handling we are referring to the process of catching errors produced by your program which need proper action. Since PHP came into a new object-oriented (OOP) way of dealing with errors, exception handling was introduced. It is used to change the usual way of handling code execution of a specific error condition when it occurs. In this way, exception handling provides a better technique over error handling.

How does exception handling in PHP work?

Just like any other object-oriented programming, PHP also uses the following keywords related to exceptions:

Try: this means that if the exception does not trigger, the code will just execute normally, but if the exception triggers then it will call the “thrown” exception.

Throw: every time an exception has been triggered, a “throw” exception must be paired with at least one “catch”.

Catch: this block of code should retrieve an exception and create an object including the exception information.
