Viewed   88 times

I'm familiar with some of the basics, but what I would like to know more about is when and why error handling (including throwing exceptions) should be used in PHP, especially on a live site or web app. Is it something that can be overused and if so, what does overuse look like? Are there cases where it shouldn't be used? Also, what are some of the common security concerns in regard to error handling?



One thing to add to what was said already is that it's paramount that you record any errors in your web application into a log. This way, as Jeff "Coding Horror" Atwood suggests, you'll know when your users are experiencing trouble with your app (instead of "asking them what's wrong").

To do this, I recommend the following type of infrastructure:

  • Create a "crash" table in your database and a set of wrapper classes for reporting errors. I'd recommend setting categories for the crashes ("blocking", "security", "PHP error/warning" (vs exception), etc).
  • In all of your error handling code, make sure to record the error. Doing this consistently depends on how well you built the API (above step) - it should be trivial to record crashes if done right.

Extra credit: sometimes, your crashes will be database-level crashes: i.e. DB server down, etc. If that's the case, your error logging infrastructure (above) will fail (you can't log the crash to the DB because the log tries to write to the DB). In that case, I would write failover logic in your Crash wrapper class to either

  • send an email to the admin, AND/OR
  • record the details of the crash to a plain text file

All of this sounds like an overkill, but believe me, this makes a difference in whether your application is accepted as a "stable" or "flaky". That difference comes from the fact that all apps start as flaky/crashing all the time, but those developers that know about all issues with their app have a chance to actually fix it.

Friday, December 2, 2022

You should first test the existence of a file by file_exists().

  $fileName = 'uploads/Team/img/'.$team_id.'.png';

  if ( !file_exists($fileName) ) {
    throw new Exception('File not found.');

  $fp = fopen($fileName, "rb");
  if ( !$fp ) {
    throw new Exception('File open failed.');
  $str = stream_get_contents($fp);

  // send success JSON

} catch ( Exception $e ) {
  // send error message if you can

or simple solution without exceptions:

$fileName = 'uploads/Team/img/'.$team_id.'.png';
if ( file_exists($fileName) && ($fp = fopen($fileName, "rb"))!==false ) {

  $str = stream_get_contents($fp);

  // send success JSON    
  // send error message if you can  
Friday, September 30, 2022

Your code for dealing with errors must be absolutely bulletproof.

Sometimes it will kick in because of a really obscure reason that you forgot to test for, but you still want it to run when when its struggling through the code version of the apocalypse.

Writing its output to a database creates a huge dependency for you code - and the absence of the database is most likely to be a major cause of problems which would be reported.

Relying on mail is still a dependency, however the most immediate objective in the event of an outage should be to get the system working again - so sending an email is a very effective way of alerting you that you need to fix something.

PHP's file handling facilities do not lend themselves to concurrent access - so although I'd recommend logging any events locally, do not write the files from your code - use the syslog interface. By all means send an email with the relevant details after you've sent it to the syslog.



Friday, August 19, 2022

Please try to do the following:

In .htaccess

    # supress php errors
    php_flag display_startup_errors off
    php_flag display_errors off
    php_value docref_root 0
    php_value docref_ext 0

    # enable PHP error logging
    php_flag  log_errors on
    php_value error_log  /correct_path_to_your_website/error_modes/PHP_errors.log

    # general directive for setting php error level
    php_value error_reporting -1

In php file

Instead of intentional mistake in you wrote in your php file you can try doing something like:


    echo $_SERVER['DOCUMENT_ROOT']; // this will enable you to see 
                                    // the correct path to your website dir 
                                    // which should be written in .htaccess 
                                    // instead of correct_path_to_your_website
                                    // (check it just in case)

    $foo = $bar['nope'];// this should generate notice 

    call_undefined(); // this should generate fatal error


Worked good with me)

Hope it'll help.

Wednesday, September 7, 2022
if ($array) {
    foreach ($array as $k => $v) {
} else {
    echo 'No team selected';
    // exit from loop

Your exit from loop will be a "return", or a "break n" (n is the levels to break for) or continue... it depends on your logic.

Tuesday, November 29, 2022
Only authorized users can answer the search term. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :