As I understand it, the only ‘supported’ way to suppress error output is by changing the value of error_reporting. This is certainly a deal-breaker. Disabling all error reporting on a live server is not a good practice.
How can I suppress the display of errors reported by CodeIgniter and (as strange as it may be) have it pay attention to my settings in php.ini or directory specific php settings via .htaccess?
There are two configuration settings in particular you want to pay attention to: error_reporting and display_errors.
On a development server you generally want to have errors printed to the screen. In fact, you want ALL errors, warnings, and notices to show up. To do so you set error_reporting to E_ALL or 8191, and display_errors to true or 1.
On a production server you certainly don’t want any errors printing to the screen, but you DO want errors logged so you can review them. In this case you likely only care about the more serious errors. Not only that, if you log notices in addition to errors and warnings your logs are liable to get quite large. So, set error_reporting to something like E_ERROR | E_WARNING | E_PARSE, display_errors to false or 0, and make sure you have error logging set up correctly.
Thanks for the info, unfortunately it doesn’t help. I’m aware of the php settings and use them quite often. As personal preference, I keep display_errors off and log all errors in dev, staging and production environments.
Unfortunately, CodeIgniter ignores the display_errors setting. That’s my issue. I won’t deploy a CI app to a production server unless I have control over the level of error reporting (which I do) and the method of reporting (which I don’t). For some reason, CI ignores those php.ini settings. I see where error_reporting is set in index.php and I can modify that, but the display_errors setting is hiding from me.
I just started working with CI today so I’m not sure about DB errors and how CI handles those.
What I’m saying is that CI obviously has custom error handlers (think set_error_handler()) that ignore the display_errors php.ini setting. I just want CI to use the settings I use in php.ini.
It seems absolutely foolish to essentially overload the built in error handling and ignore php.ini settings.
I’m hoping that I’m just being ignorant here and someone can clue me in, because I do like many things about CI.
I have yet to come across any CI-specific errors. I’ve only encountered a traditional php error. Instead of the error showing up in my error log as it’s supposed to, it’s being pushed out to the browser in a pretty little CI design.
My php.ini file has display_errors = ‘off’ and error_log = ‘/var/log/php’. I should NOT be seeing any errors in a browser... yet I am.
Are you talking about the error messages you see when you have a database error (like a bad query or something)?
I find that they tend to stop a script executing, which was messing with my own error handling.
If you look in application/config/database.php
You want to set:
$db['default']['db_debug'] = FALSE;
Sorry if this isn’t what you were getting at, just trying to help.
Well, thanks for taking the time. But we’re still not there. There is one single place to specify the level of reporting regardless of where the reporting gets sent to (i.e. log, browser, etc.). The level is specified in error_reporting as you know. That level of reporting is global across all methods of reporting. A separate and distinct setting is display_errors. This specifies if those errors should be displayed in the browser. Another setting is log_errors which is more appropriate for staging and production servers.
In the comments of index.php it states
| By default CI runs with error reporting set to ALL. For security
| reasons you are encouraged to change this when your site goes live.
| For more info visit: http://www.php.net/error_reporting
Which is misleading. Lowering this value does not increase security. Changing display_errors = off and using a log is what increases security.
Note that the above is based on traditional PHP settings and is completely separate from any CI-specific code.
So in summary:
- CI only appears to care about error_reporting and ignores log_errors and display_errors.
Do you follow me?
By the way, this statement is incorrect because there is no log threshold, just on or off (unless CI has something different):
If you set that to
error_reporting(0);
but leave your log threshold where it is, then you will not get any errors shown to the screen, but you will get them added to the log still.
I hope I’m not being rude. Don’t feel that you have to be the one to answer this. And I do appreciate your time.
There is one single place to specify the level of reporting regardless of where the reporting gets sent to (i.e. log, browser, etc.).
No, these are separate. error_reporting controls errors getting output to the screen. log_threshold controls if errors get logged.
The security comes from not displaying the error message, which could provide insight into how the system is running. Whatever prevents the error messages from making it to the screen is what increases security.
display_errors has nothing to do with CodeIgniter per se. As a server setting that many users don’t have access to, it is kind of an unknown. Since we can’t know what that setting will be per user, CI effectively overrides it by using error_reporting in the index (which is called on every page load).
Thus, in CI display of the errors is controlled by the PHP error level (and therefore what you set error_reporting to). Thus, error_reporting is what will increase security, since it is what controls whether or not errors get displayed.
If you commented out that line, then CI would default to whatever was set in your display_errors setting. I think this might be what you want, but I’d encourage users to continue with error_reporting, as it is more predictable and portable, across a wider base of servers.
CI also uses set_error_handler to call a custom function when an error is encountered. Part of what CI does, is make this error available for logging if your logging threshold warrants it. So it can log without displaying.
But it is still possible that I’m not understanding. I believe what you want is for errors to be logged, but not displayed. Are you not finding this with error_reporting at “0” and your log threshold at 1 or more?
By the way, this statement is incorrect because there is no log threshold, just on or off (unless CI has something different)
error_reporting is not something CI invented. CodeIgniter can use every valid value. You quoted it yourself earlier in that post. “For more info visit: http://www.php.net/error_reporting”
The security comes from not displaying the error message, which could provide insight into how the system is running. Whatever prevents the error messages from making it to the screen is what increases security.
Agreed. However, tying the error_reporting level to the type of reporting is a pain. But I see where you’re coming from for those using shared hosting.
If you commented out that line, then CI would default to whatever was set in your display_errors setting. I think this might be what you want, but I’d encourage users to continue with error_reporting, as it is more predictable and portable, across a wider base of servers.
Commenting out the line does nothing since my config is set at E_ALL anyway.
CI also uses set_error_handler to call a custom function when an error is encountered. Part of what CI does, is make this error available for logging if your logging threshold warrants it. So it can log without displaying.
As mentioned before, I assumed set_error_handler was being used. You mentioned the logging threshold… I assumed you were talking about log_errors which is a built-in php configuration directive but after a little research I see that log_threshold is CI-specific.
But it is still possible that I’m not understanding. I believe what you want is for errors to be logged, but not displayed. Are you not finding this with error_reporting at “0” and your log threshold at 1 or more?
This is the statement that answers my exact question! Bingo, congrats, and thanks!
By the way, this statement is incorrect because there is no log threshold, just on or off (unless CI has something different)
error_reporting is not something CI invented. CodeIgniter can use every valid value. You quoted it yourself earlier in that post. “For more info visit: http://www.php.net/error_reporting”
There is one single place to specify the level of reporting regardless of where the reporting gets sent to (i.e. log, browser, etc.).
No, these are separate. error_reporting controls errors getting output to the screen. log_threshold controls if errors get logged.
My ignorance of log_threshold
Now go get some sleep. As for me, I still have a few more hours of coding ahead of me.
Thanks again, you really put some time in on this one.
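What the thread asks for, a set_error_handler() callback that still honours the php.ini directives, shown as an added example that is not CodeIgniter's own handler and not code from any poster. The function names ini_flag and ini_aware_error_handler and the sample warning are hypothetical.

```php
<?php
// Added example: a custom error handler that keeps php.ini in charge.
// Function names are hypothetical; this is not CodeIgniter's handler.

// Interpret a boolean-style ini directive the way php.ini spells it.
function ini_flag(string $name): bool
{
    $v = strtolower(trim((string) ini_get($name)));
    return in_array($v, ['1', 'on', 'true', 'yes', 'stdout', 'stderr'], true);
}

function ini_aware_error_handler(int $errno, string $errstr, string $errfile, int $errline): bool
{
    // error_reporting decides WHICH errors are handled at all
    // (this also covers calls silenced with the @ operator).
    if ((error_reporting() & $errno) === 0) {
        return true;
    }

    $line = sprintf('PHP error [%d]: %s in %s on line %d', $errno, $errstr, $errfile, $errline);

    // log_errors decides whether the error is written to the log target
    // configured by the error_log directive.
    if (ini_flag('log_errors')) {
        error_log($line);
    }

    // display_errors decides whether anything reaches the response.
    // Output is escaped so error text cannot inject markup into the page.
    if (ini_flag('display_errors')) {
        echo htmlspecialchars($line, ENT_QUOTES, 'UTF-8'), "<br>\n";
    }

    return true; // handled; PHP's built-in handler is skipped
}

set_error_handler('ini_aware_error_handler');

// Production-style settings from the thread: report everything,
// display nothing, log everything.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Constructed sample error: it is logged, and nothing is echoed.
trigger_error('constructed sample warning', E_USER_WARNING);
```

Returning false from the handler instead would hand the error to PHP's built-in handler, which applies display_errors and log_errors itself.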