What every PHP user needs to know about programming
Let's be honest - PHP is mostly a self-taught language. This means almost everyone is just learning by example. Well, there is nothing wrong with learning by example itself, but it leaves you without knowledge of some fundamental principles that you will desperately need when your code goes wrong. So let's shed a little light on them. Below you will find some things you need to know.
You are not the only user of your site.
Surely, in your dreams you are writing another Facebook with billions of users, and surely it will be - I am not questioning it. But the code you write says the opposite, at least when it comes to error reporting. Most likely it looks like this, showing the error message right on-screen:
} catch (PDOException $e) {
    die($e->getMessage());
}
or even a decorated version, in a dedicated pane:
if ($conn->connect_error) {
    $message = "There was a fatal error connecting to the database: ".$conn->connect_error;
    showMessage('error', $message);
}
And so, while developing (and thus being the only user of your site so far), you enjoy such a convenient way to be informed of all the errors that occur. So far so good.
But let's imagine your site finally goes live and, at some unfortunate moment, an error occurs. It is not you who is sitting by the screen but an innocent user, who has no idea what's going on. Is this error on their part? Is it recoverable? And what does this (pretty cryptic!) error message mean? And what, after all, to do? Where to click, to whom to report? How to proceed with their task?
How to report errors to the user
Here you can learn by example too. Not by code examples, though, but by the behavior of existing sites. Did you ever see such a silly message as "There was a fatal error connecting to the database" on Stack Overflow? Reddit? No. There is only a generic error message shown with an apology, asking the user to try again. And it makes sense. An innocent user may have no idea about databases at all and won't make any use of the system error message anyway.
Besides, showing the system error message on-screen is considered a security breach in itself, as it can supply a malicious user with invaluable information on the system internals - filesystem structure, table and field names in the database and so on. Worse than that - an error message gives a hacker feedback on their actions, practically turning a beam of light towards your system and helping the hacker a lot. Without error messages - and thus without feedback - they have to work in the dark.
So I hope that I have convinced you to show only a generalized error message to a site user. We will learn how to do that a bit later, but for the moment let's just remove all commands that report error messages right on the screen. For this purpose, instead of echoing the error message, create a generic PHP error from it. You can either use the trigger_error() function or throw an exception. So your code will become
if ($conn->connect_error) {
    trigger_error($conn->connect_error);
}
or
if ($conn->connect_error) {
    throw new \Exception($conn->connect_error);
}
An important note regarding exceptions thrown by PHP: just don't interfere and let them go. If you don't catch an exception, it will be turned into a PHP error automatically.
And finally, just tell PHP to hide error messages on a live server. There is a configuration option for this, with a pretty straightforward name: display_errors! So add it to php.ini or .htaccess or at least to your PHP code:
ini_set('display_errors',0);
The mission is accomplished! All errors are now hidden.
Now let's see what we can do for a programmer.
How to report errors to a programmer
OK, the user is satisfied, the hacker is baffled. Now what about yourself? After all, you (hopefully) want to know that an error has occurred, and - most important - which error and where it happened. For this purpose you can turn on displaying errors on a dev server and logging them on a live server.
// on a live server
ini_set('display_errors',0);
ini_set('log_errors',1);
// on a dev server
ini_set('display_errors',1);
ini_set('log_errors',1);
As you can see, these two simple commands give you full control over PHP error reporting! On a dev server you will see errors right on the screen for convenience (and also in the logs, just in case), while on a live server you can be sure that you didn't miss any error that happened to occur.
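One way to wire the two sections above together, as an added example that is not part of the original article: a single bootstrap that logs the real error for the programmer and shows the user only a generic apology. The APP_ENV variable, the connectToDatabase() function and the support reference are assumptions made for illustration.

```php
<?php
// Added example, not from the original article.
// APP_ENV is an assumed environment variable: "dev" on a development box,
// anything else (or unset) is treated as a live server.
$isDev = getenv('APP_ENV') === 'dev';

error_reporting(E_ALL);
ini_set('display_errors', $isDev ? '1' : '0'); // the screen is for developers only
ini_set('log_errors', '1');                    // the log is written everywhere

// Turn every PHP warning/notice into an exception so that one handler sees it all.
set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
    if (!(error_reporting() & $severity)) {
        return false; // respect error_reporting and the @ operator
    }
    throw new ErrorException($message, 0, $severity, $file, $line);
});

// Last stop for anything the application did not catch.
set_exception_handler(function (Throwable $e) use ($isDev): void {
    // A random reference lets support match a user's report to the log entry
    // without revealing anything about the system.
    $ref = bin2hex(random_bytes(4));
    error_log(sprintf('[%s] %s: %s in %s:%d', $ref, get_class($e),
        $e->getMessage(), $e->getFile(), $e->getLine()));

    if (PHP_SAPI !== 'cli' && !headers_sent()) {
        http_response_code(500);
        header('Content-Type: text/plain; charset=utf-8');
    }
    if ($isDev) {
        echo $e; // full message and stack trace
    } else {
        echo "Sorry, something went wrong on our side. Please try again later.\n";
        echo "If the problem persists, contact support and quote reference $ref.\n";
    }
});

// Constructed failure standing in for a failed database connection.
function connectToDatabase(): void
{
    throw new RuntimeException("Access denied for user 'app'@'db01' (constructed sample)");
}

connectToDatabase(); // not caught on purpose: the handler above takes over
```

Run without APP_ENV set, the script prints only the apology and the reference, while the database message goes to the error log under the same reference.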
Use the Google, Luke.
One of the most essential skills a PHP programmer should master is Internet search. For every error message you get, there are TONS of answers already.