- I don't think that printing raw errors/data to the users is a good idea:
var_dump($e);
They (usually) can't fix it, so it doesn't help them. (See #3 here) It might also contain sensitive information which could help attackers.
Instead of that you should log the errors to a log file log the errors to a log file, hide the details from the user (don't forget to print a friendly error message) and fix the errors. Your users might not call/mail you when they found a bug. They just simply use one of your competitor's service.
- Instead of using the same function for three more or less different purposes:
set_error_handler("error_handler"); set_exception_handler("error_handler"); register_shutdown_function("error_handler");
I'd use three different functions (with proper signatures) which might call a fourth one. It would be cleaner (easier to read, understand and maintain). It would make unnecessary the internal magic with error_get_last(), func_get_args() and instanceof.
1.
// Only let PHP report errors in dev error_reporting(ENV === 'dev' ? E_ALL : 0);
It seems to me as a code smell: Test Logic in Production. I'd use php.ini to set this, I guess php.ini is a straightforward place for most of the PHP developers to set this instead of a PHP file.
- I don't think that printing raw errors/data to the users is a good idea:
var_dump($e);
They (usually) can't fix it, so it doesn't help them. (See #3 here) It might also contain sensitive information which could help attackers.
Instead of that you should log the errors to a log file, hide the details from the user (don't forget to print a friendly error message) and fix the errors. Your users might not call/mail you when they found a bug. They just simply use one of your competitor's service.
- Instead of using the same function for three more or less different purposes:
set_error_handler("error_handler"); set_exception_handler("error_handler"); register_shutdown_function("error_handler");
I'd use three different functions (with proper signatures) which might call a fourth one. It would be cleaner (easier to read, understand and maintain). It would make unnecessary the internal magic with error_get_last(), func_get_args() and instanceof.
1.
// Only let PHP report errors in dev error_reporting(ENV === 'dev' ? E_ALL : 0);
It seems to me as a code smell: Test Logic in Production. I'd use php.ini to set this, I guess php.ini is a straightforward place for most of the PHP developers to set this instead of a PHP file.
- I don't think that printing raw errors/data to the users is a good idea:
var_dump($e);
They (usually) can't fix it, so it doesn't help them. (See #3 here) It might also contain sensitive information which could help attackers.
Instead of that you should log the errors to a log file, hide the details from the user (don't forget to print a friendly error message) and fix the errors. Your users might not call/mail you when they found a bug. They just simply use one of your competitor's service.
- Instead of using the same function for three more or less different purposes:
set_error_handler("error_handler"); set_exception_handler("error_handler"); register_shutdown_function("error_handler");
I'd use three different functions (with proper signatures) which might call a fourth one. It would be cleaner (easier to read, understand and maintain). It would make unnecessary the internal magic with error_get_last(), func_get_args() and instanceof.
1.
// Only let PHP report errors in dev error_reporting(ENV === 'dev' ? E_ALL : 0);
It seems to me as a code smell: Test Logic in Production. I'd use php.ini to set this, I guess php.ini is a straightforward place for most of the PHP developers to set this instead of a PHP file.
- I don't think that printing raw errors/data to the users is a good idea:
var_dump($e);
They (usually) can't fix it, so it doesn't help them. (See #3 here See #3 here) It might also contain sensitive information which could help attackers.
Instead of that you should log the errors to a log file, hide the details from the user (don't forget to print a friendly error message) and fix the errors. Your users might not call/mail you when they found a bug. They just simply use one of your competitor's service.
- Instead of using the same function for three more or less different purposes:
set_error_handler("error_handler"); set_exception_handler("error_handler"); register_shutdown_function("error_handler");
I'd use three different functions (with proper signatures) which might call a fourth one. It would be cleaner (easier to read, understand and maintain). It would make unnecessary the internal magic with error_get_last(), func_get_args() and instanceof.
1.
// Only let PHP report errors in dev error_reporting(ENV === 'dev' ? E_ALL : 0);
It seems to me as a code smell: Test Logic in Production. I'd use php.ini to set this, I guess php.ini is a straightforward place for most of the PHP developers to set this instead of a PHP file.
- I don't think that printing raw errors/data to the users is a good idea:
var_dump($e);
They (usually) can't fix it, so it doesn't help them. (See #3 here) It might also contain sensitive information which could help attackers.
Instead of that you should log the errors to a log file, hide the details from the user (don't forget to print a friendly error message) and fix the errors. Your users might not call/mail you when they found a bug. They just simply use one of your competitor's service.
- Instead of using the same function for three more or less different purposes:
set_error_handler("error_handler"); set_exception_handler("error_handler"); register_shutdown_function("error_handler");
I'd use three different functions (with proper signatures) which might call a fourth one. It would be cleaner (easier to read, understand and maintain). It would make unnecessary the internal magic with error_get_last(), func_get_args() and instanceof.
1.
// Only let PHP report errors in dev error_reporting(ENV === 'dev' ? E_ALL : 0);
It seems to me as a code smell: Test Logic in Production. I'd use php.ini to set this, I guess php.ini is a straightforward place for most of the PHP developers to set this instead of a PHP file.
- I don't think that printing raw errors/data to the users is a good idea:
var_dump($e);
They (usually) can't fix it, so it doesn't help them. (See #3 here) It might also contain sensitive information which could help attackers.
Instead of that you should log the errors to a log file, hide the details from the user (don't forget to print a friendly error message) and fix the errors. Your users might not call/mail you when they found a bug. They just simply use one of your competitor's service.
- Instead of using the same function for three more or less different purposes:
set_error_handler("error_handler"); set_exception_handler("error_handler"); register_shutdown_function("error_handler");
I'd use three different functions (with proper signatures) which might call a fourth one. It would be cleaner (easier to read, understand and maintain). It would make unnecessary the internal magic with error_get_last(), func_get_args() and instanceof.
1.
// Only let PHP report errors in dev error_reporting(ENV === 'dev' ? E_ALL : 0);
It seems to me as a code smell: Test Logic in Production. I'd use php.ini to set this, I guess php.ini is a straightforward place for most of the PHP developers to set this instead of a PHP file.
- I don't think that printing raw errors/data to the users is a good idea:
var_dump($e);
They (usually) can't fix it, so it doesn't help them. (See #3 here) It might also contain sensitive information which could help attackers.
Instead of that you should log the errors to a log file, hide the details from the user (don't forget to print a friendly error message) and fix the errors. Your users might not call/mail you when they found a bug. They just simply use one of your competitor's service.
- Instead of using the same function for three more or less different purposes:
set_error_handler("error_handler"); set_exception_handler("error_handler"); register_shutdown_function("error_handler");
I'd use three different functions (with proper signatures) which might call a fourth one. It would be cleaner (easier to read, understand and maintain). It would make unnecessary the internal magic with error_get_last(), func_get_args() and instanceof.
1.
// Only let PHP report errors in dev error_reporting(ENV === 'dev' ? E_ALL : 0);
It seems to me as a code smell: Test Logic in Production. I'd use php.ini to set this, I guess php.ini is a straightforward place for most of the PHP developers to set this instead of a PHP file.