Whether error_reporting(0) in php prevent hacking
Question
在PHP脚本中使用error_reporting(0)是否可以通过不报告错误来防止使用SQLi或XSS进行黑客攻击?
2 answers
solution1
3 ACCPTED 2012-07-01 08:16:37
Using error_reporting(0) is plain dangerous; you're hiding warnings that could give vital clues to shaky coding. At the same time it won't prevent SQL injection issues or xss.
My advice: set error_reporting(-1) at all times and either log all errors using error_log or write a custom error handler using set_error_handler() to handle the errors without showing them on the page. During development you should always enable display_errors as well.
Note that nothing but good coding practices and proper testing can mitigate hacking, but preventing it altogether takes even more. Adopt defensive programming or perhaps ask Bernstein to tutor you ;-)
solution2
2 2012-07-01 08:09:20
By doing error_reporting(0) you only hide the errors from the user. In some cases it may be helpful to minimize hacking but not the XSS attacks for sure.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.