0

PHP Debugging

PHP, WebMarch 18, 2008 at 21:10

As I continued my quest into updating all my web sites and scripts for the big update, I tried to use an easy method to debug my PHP scripts. So, I modified my php.ini file and changed the following lines:

error_reporting = E_ALL
display_errors = On
display_startup_errors = On
log_errors = On
track_errors = On

I actually don’t know about the display_startup_errors and track_errors features, but the one that helped me a lot was error_reporting.

Good. I set it up in my config.php file as <?php error_reporting(E_ALL);?>. As a result, lots of ‘undefined index‘, ‘undefined variable‘ and ‘undefined constant‘ notices and warnings appeared. The script still worked as intended, but the warnings and notices are still errors because something is happening that you as the programmer obviously did not plan for, and neither did your end user. Why should you fix them if they’re not errors, you ask? Because some hacker with error_reporting forced to E_ALL could see these ‘undefined’ variables, indexes and constants, and define them in an attempt to get hold of your form processing. What may happen then? I’ll let you figure it out.

In my form processing scripts I had lines stating that if the submit button has been hit, then execute the script (like inserting or updating the database). Here is the code:

if($submit) {
...do insert here...
}
else {
...display form here...
}

This script would in fact cause some errors, because the $submit variable is not set in the first part of the script, it gets set only after submitting the form, so the check for the value of $submit would produce a non-fatal error. What should we do to prevent this? We should first check for the existence of $submit, and then for its value:

if(isset($submit)) {
...do insert here...
}
else {
...display form here...
}

Furthermore, let’s assume the form does a POST action. Replace:

if(isset($submit))

with:

if(isset($_POST['submit']))

I had more circumstances, which could produce these ‘undefined’ errors, but the form processing ones were the most frequent.

Do not forget to change it back to <?php error_reporting(0);?> after you finished debugging and fixing your script.

Tags: , , ,

 
 
 

More posts by Chip »

Author:

 

0 Comments

Leave a Reply





 
CommentLuv Enabled
 
  • John William: Very informative article! I was wondering that can we submit more arti...
  • CSS Gallery: Great research on these resources! We noticed you didn’t include ht...
  • ramyad: Great! Finally, found a solution. I've been scratching my head on this...
  • san diego seo: There is a new guy on my soccer team who is an Englishman. From time t...
  • Spyke: Thanks for posting this. Many people don't realize that bridge does th...

Featured

» Whiskey Air Theme
» Rainbow Collection Buttons
» Write for us! Apply now!

Ads

» U.S. Funeral Homes

Twitter Updates

    follow me on Twitter

    Top Browsers

    • - Firefox 3
    • - IE 6
    • - IE 7
    • - Chrome 5
    • - IE 8

    Top OS

    • - WinXP
    • - WinVista
    • - Win2008
    • - MacOSX
    • - Linux

    Site Stats

    • 01 visitor(s) online
    • powered by WassUp

    Ads

    Ads

    Ajax CommentLuv Enabled 7cc703d7a351bbc1b554fad7c2b1c542 | Tots2Teens | Cariera Piatra Constanta | Verighete