PHP contains many levels of error reporting and it is a very useful addition in the developers tool kit. By reporting runtime errors, error reporting lets the developer know what problem has occured, the path name and file name of the script that has the error, the function name that has possibly caused the error and the line number on which the error occured. Should a malicious user succeed in causing an error on a site, all this information about the system is gained from the error output.

(more…)

Abstract

One of the great benifits of PHP is its ease of access to new-comers. Its entry level is minimal and so attracts those looking for simple scripts to their sites. It is this same ease of access that becomes a problem as the new-comers begin to deal with input from users. Failure to adequately validate and sanitize data is the leading cause of security problems when dealing with PHP. This is, of course, not limitted to new-comers, and seasoned programmers rushing to meet deadlines who take short cuts in a bid to get the job out the door are just as likely to omit basic security principles.

(more…)

The default error handling in PHP is very simple. An error message with filename, line number and a message describing the error is sent to the browser.

PHP Error Handling

When creating scripts and web applications, error handling is an important part. If your code lacks error checking code, your program may look very unprofessional and you may be open to security risks.

This tutorial contains some of the most common error checking methods in PHP.

We will show different error handling methods:

• Simple “die()” statements
• Custom errors and error triggers
• Error reporting

(more…)