Error Reporting With PHP and Joomla
When developing or maintaining a Joomla website or Joomla template it is important to know when PHP is generating errors. If an error occurs, clearly something went wrong and you want to know about this so you can fix the problem.
When you are developing on your own computer the easiest thing to do is simply show the PHP errors on screen. However, it is not wise to do the same on live websites, because PHP error messages can contain usernames, passwords, paths to files and other sensitive information. This information might be used by hackers or other bad people to cause harm to your website. The Joomla installation process notifies you that error reporting is enabled for this reason.
The PHP documentation states the following about PHP’s display_errors setting: “This is a feature to support your development and should never be used on production systems (e.g. systems connected to the internet).”
This doesn’t mean you should disable error reporting completely, but that you just shouldn’t show them to your visitors. Fortunately PHP has the option to log errors to a file. This way you can keep track of PHP errors that occurred without visitors being able to see those errors.
To enable this feature, choose the following settings in your php.ini:
# Do not display errors on screen, display_errors = off # but do log the errors that occur log_errors = on # to the following file: error_log = /var/log/phperrors.log
If you set the error_log value to syslog then PHP will send any errors to system logger. This means that on Windows platforms, your errors can you viewed using the Event Viewer. On Unix based systems, errors will be added to /var/log/syslog. This way you can take advantage of your OS logging capabilities and use the tools available for it.
It is possible that you don’t have access to php.ini, for example when you are on a shared hosting platform. If this is the case, then you can set these variables via your .htaccess file. Below is an example of how to set the variables in your .htaccess file:
php_value display_errors 0 php_value log_errors 1 php_value error_log /full/path/to/your/directory/testlog.txt
Please choose the location of your log file carefully. It is advisable to place the file outside your so called wwwroot (the folder accessible from the web). This ensures that it cannot be read by other internet users via a web browser or otherwise. The wwwroot is usually a folder called ‘public_html’ or something similar. If you are unsure what folders are in your wwwroot, you can contact your web host about this. You might also protect the logfile using a .htaccess file.
Another error-related setting in PHP is error_reporting. This setting controls which types of errors are being logged (or displayed on screen when enabled). The following values in your php.ini are advised for development and production environments:
;Development value (show all errors, except for notices) error_reporting = E_ALL | E_STRICT ;Production value (show all errors, warnings and notices including coding standards.) error_reporting = E_ALL & ~E_DEPRECATED
When developing on Joomla, E_ALL | E_STRICT is not the right pick as it generates too many warnings on a fresh Joomla installation. You should just use E_ALL instead. You can see the full list of options here.
This setting can also be changed via your .htaccess file, but you can’t use the constants like E_ALL there. This because a PHP constant is not defined in your .htaccess file. Instead of using the constant name, you can use the value of the constant instead which is always an integer (number). You can see the values of the constants here. Be careful to pick the right value, because they can differ per PHP version. Below is an example on how to set the equivalent of error_reporting = E_ALL in your .htaccess:
# for PHP 5.3.x php_value error_reporting 30719 # for PHP 5.2.x php_value error_reporting 6143 # lower PHP versions php_value error_reporting 2047
Cherry on top of the pie
Logging errors to a file in a production environment has one extra advantage over displaying them. This is due to the fact that your visitors will use your website differently from the way you use it. They hit links you might not have and try combinations of settings your would never have imagined. This way you can see errors you otherwise wouldn’t have found yourself if you hadn’t logged the errors.