PHP 自定义错误页面

2021-12-26 00:00:00 error-handling php

每个人都说在活动站点中允许显示错误"是不好的(由于一些安全问题).

Everyone says that "Enabling errors to be shown" in an active site is bad (due to some security issues).

现在,我们必须考虑两种情况:

Now, we have to consider 2 cases:

  1. 网站处于调试模式
  2. 该站点未处于调试模式

现在,对于案例 #1:

我们想查看错误.怎么样?

We want to see the errors. How?

ini_set('error_reporting', E_ALL);
ini_set('display_errors', 1);

没有比这更简单的了.我们还可以为除 Parse 和 Fatal 之外的所有错误自定义错误处理程序.

Nothing more simple. Also we can customize an error handler for all errors except Parse and Fatal.

相反,如果情况是 #2:

我们希望能够停用这些消息:

We would like to be able to deactivate the messages:

ini_set('error_reporting', 0);
ini_set('display_errors', 0);

没关系.但是如何向用户显示一条友好的消息,例如嘿,伙计,有些事情真的很糟糕.我不向您保证我们正在努力解决它,因为我们很懒惰.".您应该再次启用错误并只使用函数 set_error_handler() 并希望不会发生解析或致命错误.但我的第一个问题是:

And it's ok. But what about showing users a friendly message such as "Hei man, something is really f**ked up. I don't assure you we are working to fix it, since we are very lazy.". You should enable errors again and just use the function set_error_handler() and hope that no parse or fatal errors occur. But my first question is:

问题 1:是否可以避免错误报告并在出现问题时加载自定义离线页面?我的意思是,是否有可能有 ini_set('error_reporting', 0);ini_set('display_errors', 0); 并且仍然能够告诉 PHP 加载自定义错误页面?

Question 1: Is that possible to avoid error reporting and have a custom offline page that is loaded when something goes wrong? I mean, is it possible to have ini_set('error_reporting', 0); and ini_set('display_errors', 0); and still be able to tell PHP to load a custom Error page?

现在是另一个:

问题 2:我开发了一个类,利用 set_error_handler() 的强大功能将发生的错误记录到数据库中.通过这种方式,我可以跟踪黑客尝试和其他很酷的东西.(是的,我总是确定数据库是可访问的,因为如果我们无法连接到数据库,我的应用程序就会关闭).这值得吗?

Question 2: I developed a class that with the power of set_error_handler() logs errors occurred into the database. In this way I can keep track of hack attempts and other cool stuff. (And yes, i'm always sure the DB is accessible since my application shuts down if we cannot connect to the DB). Is this worth something?

推荐答案

前段时间我创建了一个小系统,当发生致命错误/抛出未捕获的异常时,它会将您重定向到错误页面.有可能假设每个请求都由一个文件处理并以该文件结尾,因此通过到达该文件的末尾,我确定一切正常.在这种情况下,我设置了在错误页面上重定向的函数并将其注册为关闭函数 - 因此它将在所有请求结束时调用.现在在这个函数中,我检查干净关闭的条件,如果满足,我什么都不做,输出被刷新到浏览器,否则缓冲区被清除,只发送重定向到错误页面的标头.

Some time ago I created small system that redirects you to error page when fatal error occurs / uncaught exception was thrown. It was possible with assumption, that every request is handled by one file and ends in this file, so by reaching end of this file I'm sure that everything went OK. With this condition I've set up function to redirect on error page and registered it as shutdown function - so it will be called at the end of all requests. Now in this function I check conditions for clean shutdown and if hey are met, I do nothing and output is flushed to the browser, otherwise buffer is cleaned and only header redirecting to error page is sent.

此代码的简化版本:

<?php
function redirect_on_error(){
    if(!defined('EVERYTHING_WENT_OK')){
        ob_end_clean();
        header('Location: error.html');
    }
}

register_shutdown_function('redirect_on_error');

ob_start();

include 'some/working/code.php';

echo "Now I'm going to call undefined function or throw something bad";

undefined_function();
throw new Exception('In case undefined function is defined.');    

define('EVERYTHING_WENT_OK', TRUE);
exit;

相关文章