Often times PHP applications configure error_reporting at runtime, perhaps because it appears to be more bootstrappable:
|
1 2 3 4 5 6 7 |
<? error_reporting(E_ALL & ~E_NOTICE); // ...or... ini_set('error_reporting', E_ALL & ~E_NOTICE); ?> |
In dev environments, it is often desirable to log errors of level E_STRICT to be warned about practices that are “deprecated or not future proof.” Unfortunately, enabling E_STRICT at runtime using one of the methods above will never workâgiving you a false sense of security with respect to strict-level errors! This is because PHP performs strict checks at compile time before your runtime error_reporting configs are set. In other words, this will not work:
|
1 2 3 4 5 |
<? // Neither of these: error_reporting(E_ALL | E_STRICT); ini_set('error_reporting', E_ALL | E_STRICT); ?> |
To get E_STRICT errors, you must take care to set the value of error_reporting before compile time, such as in php.ini, or httpd.conf or .htaccess if you are running Apache:
Setting error_reporting in php.ini:
|
1 |
error_reporting = E_ALL | E_STRICT |
Setting error_reporting in httpd.conf or .htaccess:
|
1 2 |
php_value error_reporting 32767 # Equivalent int value of E_ALL | E_STRICT # for PHP 5.3.3 (later versions may vary) |
The manual does mention this topic, though it may be easily overlooked.
Last but not least, always remember to turn display_errors off in production!
display_errors Off in php.ini
|
1 |
display_errors = Off |
display_errors Off in httpd.conf or .htaccess
|
1 |
php_flag display_errors Off |