Whether using error_reporting(0) in php script will prevent hacking using SQLi or XSS by not reporting error?
Whether using error_reporting(0) in php script will prevent hacking using SQLi or XSS by
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Whether using error_reporting(0) in php script will prevent hacking using SQLi or XSS by not reporting error?
Using
error_reporting(0)is plain dangerous; you’re hiding warnings that could give vital clues to shaky coding. At the same time it won’t prevent SQL injection issues or xss.My advice: set
error_reporting(-1)at all times and either log all errors usingerror_logor write a custom error handler usingset_error_handler()to handle the errors without showing them on the page. During development you should always enabledisplay_errorsas well.Note that nothing but good coding practices and proper testing can mitigate hacking, but preventing it altogether takes even more. Adopt defensive programming or perhaps ask Bernstein to tutor you 😉