hosted by liquidweb

Go Back   Web Hosting Talk : Web Hosting Main Forums : Web Hosting Talk Tutorials : Hosting Security and Technology Tutorials : howto: prevent php/mysql errors from being displayed in your site

Forum Jump

howto: prevent php/mysql errors from being displayed in your site

Reply Post New Thread In Hosting Security and Technology Tutorials Subscription
Send news tip View All Posts Thread Tools Search this Thread Display Modes
New Member
Join Date: Jul 2004
Location: Madrid, Spain
Posts: 0

howto: prevent php/mysql errors from being displayed in your site

i noticed many sites show ugly messages to their visitors when there is some php/mysql error... sometimes this error messages contains information which may be useful for atackers: physical paths, sql sentences, etc...

in order to avoid errors from being displayed on your site you can do the following changes on php.ini file:

1) as the comment in default php.ini says, turn off "display_errors".

; Print out errors (as a part of the output).  For production web sites,
; you're strongly encouraged to turn this feature off, and use error logging
; instead (see below).  Keeping display_errors enabled on a production web site
; may reveal security information to end users, such as file paths on your Web
; server, your database schema or other information.
display_errors = Off
2) turn "log_errors" on, again following php.ini recomendation.

; Log errors into a log file (server-specific log, stderr, or error_log (below))
; As stated above, you're strongly advised to use error logging in place of
; error displaying on production web sites.
log_errors = On
3) make sure "html_errors" is off, because we dont need HTML formated errores in our log file.

; Disable the inclusion of HTML tags in error messages.
html_errors = Off
4) and finally specify a file to log errors on.

; Log errors to specified file.
error_log = /var/log/php.err
i hope this helps someone

Sponsored Links
Junior Guru Wannabe
Join Date: Apr 2004
Posts: 42
I am going to try it. Thanks.

<b> ? </b>

Web Hosting Master
Join Date: Apr 2004
Posts: 963
So what happens when an error occurs? it will just show a blank page?

Sponsored Links
Join Date: Mar 2002
Posts: 16
Yes. If you don't want that, there is also one other workaround.. write your own error handling function which shows a fancy error message and set it up as a prepend file.

Junior Guru Wannabe
Join Date: Sep 2004
Posts: 34
Nice post, OscarG.

I only have one problem. No matter what file I specify for error_log like in your example

; Log errors to specified file.
error_log = /var/log/php.err

it ignores /var/log/php.err and the errors always get sent to my apache error_log file.

One thing that works is to set it on startup in a php script like


ini_set('error_log', '/tmp/php.err');

But that of course is on a per script basis. I'd rather have the error_log work for me inside my /etc/php.ini file but I'm not sure why it just sends them all to my apache error_log.

Join Date: Sep 2004
Location: Brugge - Belgium
Posts: 27
I think the meaning of an errormessage is to let you know there is something wrong, by me i always try it local and after i put it public so where is the problem for attackers?

Robin Cauwenbergh


Related posts from
Title Type Date Posted
CloudLinux Releases Software for Web Hosts to Set Limits on Accounts Running MySQL Web Hosting News 2015-01-26 14:42:26
Website for DNS Organization ISC Down After Malware Discovery Web Hosting News 2014-12-30 12:13:20
Physical Layer Management for Hosting Companies Blog 2014-10-06 12:41:24
Google Releases Hosted Database Service Cloud SQL to General Availability Web Hosting News 2014-02-12 13:46:02
Google Cloud Provides Support For Native MySQL Connections Web Hosting News 2013-11-01 14:36:06

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Log in with your username and password

Forgot Password?
WHT Host Brief Email:

We respect your privacy. We will never sell, rent, or give away your address to any outside party, ever.

Web Hosting News:
WHT Membership
WHT Membership



Welcome to

Create your username to jump into the discussion! is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.

(4 digit year)

Already a member?