0

I'm designing an API with PHP and I'm wondering if there's a proper way of telling PHP not to ever write anything (not headers, or course not text,...) in the response by its own.

I mean, PHP usually returns the debug messages (errors, warnings, notices,...) directly in the response as HTML text, and if the API returns a JSON and an error (or something) occurs, this JSON would be corrupted by the PHP messages.

I have set error_reporting(0) in production mode, but I don't know if this is enough to avoid PHP on ever responding something (and therefore corrupting the output), and I'm wondering if there is a more general way of telling PHP to write stuff into a log instead of sending it as an answer... Because ideally I don't want to set error_reporting to 0, ideally I'd like to read the warnings / notices from a log file, not in the answer, as the client is not ready to handle it.

Carlos Navarro Astiasarán
  • 505
  • 1
  • 7
  • 16
  • 1
    PHP usually writes all these errors in a log apart from showing them to you on your browser, check your apache server (assuming you are running it on apache) – CodeTrooper Jan 06 '16 at 19:14
  • @codeninja And if I have `error_reporting(0)` does it still write the errors in the log? Also: if I set `error_reporting(0)`, am I 100% sure that PHP will never write anything on my answer? – Carlos Navarro Astiasarán Jan 06 '16 at 19:15
  • 6
    The only **correct** answer to this question is ___If you write your code correctly then there will be no errors to report___ Only the incompetant ___hide errors rather than fix them___ – RiggsFolly Jan 06 '16 at 19:17
  • 1
    Possible duplicate of [How to log errors and warnings into a file?](http://stackoverflow.com/questions/3531703/how-to-log-errors-and-warnings-into-a-file) – Fabricator Jan 06 '16 at 19:17
  • Check the answer provided below, it has a better explanation to what I'm trying to say. – CodeTrooper Jan 06 '16 at 19:18
  • @RiggsFolly You never know 100%, that's the point. I'm trying to avoid even the slightest Notice, but who knows. And I rather have that _secured_ – Carlos Navarro Astiasarán Jan 06 '16 at 19:21

1 Answers1

3

Proper way of doing this would be setting display errors to Off

ini_set('display_errors',0);

And logging to file

ini_set('log_errors',1);

Of course setting them up in your php.ini file helps you have a better control of what is in production and what is in development server.

Read further here:

http://php.net/manual/en/errorfunc.configuration.php#ini.display-errors

http://php.net/manual/en/errorfunc.configuration.php#ini.log-errors

electrolite
  • 46
  • 4
  • 1
    Using this approach is **the hiding place for the incompetant** – RiggsFolly Jan 06 '16 at 19:22
  • @CarlosNavarro So do I thats why I run with full error reporting on my test server – RiggsFolly Jan 06 '16 at 19:26
  • @RiggsFolly me too, but may be you are not taking into account some special case that triggers when the user input is whatever or when the DB is down or... I think you get the point. Call it however you want, the thing is that having in production a error reporting is non-sense, unless you know your code is literally perfect. That's not my case =) – Carlos Navarro Astiasarán Jan 06 '16 at 19:30
  • @CarlosNavarro All errors that I believe you can trap in well written code without a messages getting out to the browser – RiggsFolly Jan 06 '16 at 19:34