0

i have few sql queries and when a users logged in it execute fine as that time that users will be having some id but when a guest clicks those links i am getting error and complete sql query is being shown which is a big security risk. i want to disable error reporting so i disabled error reporting in php.ini through whm

i am looking for some way to disable complete errors when i want.i know it can be done by adding @ at the beggining of mysql query but i dont want to add @ in all query i am looking for a simple solution through whm just disable and enable like.

here is my errors

 QL query error!
Error infomation:
[SQL]
 select * from `blacks` where bid= and uid=21329 

 [Error]
You have an error in your SQL syntax; check the manual that corresponds to your        MySQL      server version for the right syntax to use near 'and uid=21329' at line 1
Charles
  • 50,943
  • 13
  • 104
  • 142
raviloves
  • 197
  • 1
  • 3
  • 12
  • Check out if this can help: http://stackoverflow.com/questions/11698434/hiding-php-mysql-error-message – Araw Dec 08 '12 at 10:45
  • 2
    No. Do not just disable error reporting because your code is generating faulty SQL. Fix your broken code *first*, then worry about errors. (Hint: `display_errors`). – Charles Dec 08 '12 at 10:49
  • @Araw i tried error_reporting(0); this at the top of page i put this one but still mysql errors are being dispalyed – raviloves Dec 08 '12 at 10:50

3 Answers3

3

To disable errors from being displayed in the output of your PHP scripts set display_errors to off or 0 in your php.ini. You can find which php.ini file is being loaded by looking at phpinfo.

Simply create a new PHP script and put the following line in that script then run it and you'll see the values of all of PHP's configuration directive as they're currently loaded:

<?php phpinfo(); ?>

You really don't want to disable error_reporting completely, however. It is important that you log errors in production and keep display_errors turned off. Logging errors is important because it will help you identify when an error has occurred. Otherwise, you will never know when there is a problem with your code and thus won't be able to fix it.

It is highly discouraged to use the error control operator @ because it is semantically equivalent of disabling error_reporting, which means you will never know if your script dies due to a fatal error.

It is also important to note that you must restart PHP in order for changes made to your php.ini to take effect. If you're using *mod_php* with apache httpd, for example, that means restarting your web server entirely. This may require fully stopping and then starting httpd back up again (as on some setups using the restart command may not do it). If you're using CLI or CGI the process should automatically be restarted with each request. Some fcgi/mod_fcgid setups, and FPM setups could require making sure all of the fastcgi workers are fully stopped and respawned by their parent process.

Sherif
  • 11,786
  • 3
  • 32
  • 57
  • MySQL errors are not inherently a part of the PHP error handler. It is possible that whatever is sending those MySQL errors to the output stream is a part of whatever PHP script you are using when this occurs. You will need to check the code to see if this is the case. The error message you provided above does not appear to be in the format of a standard PHP error message provided by the PHP error handler. Thus it's possible you have some custom error handling going on that needs to be disabled from your PHP code. – Sherif Dec 08 '12 at 10:59
0

You can disable error reporting using error_reporting(0);

Sandip Ghadge
  • 303
  • 4
  • 14
  • i tried error_reporting(0); this at the top of page i put this one but still mysql errors are being dispalyed – raviloves Dec 08 '12 at 10:51
0

You need to set the display_errors directive to off in php.ini. Your errors should be written to a log instead of turning off error reporting completely.

Ian Atkin
  • 6,302
  • 2
  • 17
  • 24