Hide PHP errors Using htaccess November 7, 2011Posted by Tournas Dimitrios in PHP.
PHP contains many levels of error reporting and it is a very useful addition in the developers tool kit . By reporting runtime errors , error reporting lets the developer know what problem has occured , the path name and file name of the script that has the error , the function name that has possibly caused the error and the line number on which the error occured . Should a malicious user succeed in causing an error on a site , all this information about the system is gained from the error output . To remedy this , the php.ini setting display_errors (dispsplay_errors = 0 ) should be turned off (it is even stated in the manual that it is not recommended to enable this feature on a production site ) . This ensures if any sort of error occurs , no output is generated and potentially giving “black-hackers” a free ride . If this setting is not turned off in php.ini , it can be turned off on a per script basis at runtime with the ini_set() function as follows .
ini_set(‘display_errors’ , 0 ) ;
To entirely disable or switch it off (assuming that you’re on a shared hosting which have limited super power) , simply add
php_flag display_errors off in your .htaccess file.