我可以使用 .htaccess 隐藏 php 错误中的路径吗
我可以使用 .htaccess 隐藏 php 错误中的路径
示例:
Notice: Undefined variable: hello in C:\xampp\htdocs\mysite\index.php on line 3
我想使用 .htaccess 隐藏路径或打印一些内容让我知道是否有错误而不打印页面的路径:
Notice: Undefined variable: hello on line 3
或
Notice: Undefined variable: hello
或
There is error in your page
编辑:
我将此行放入我的.htaccess 但我无法访问我的网站。出现错误“内部服务器错误” 我该如何解决这个问题
# supress php errors
php_flag display_startup_errors off
php_flag display_errors off
php_flag html_errors off
php_value docref_root 0
php_value docref_ext 0
Can I hide the path in php error using .htaccess
Example:
Notice: Undefined variable: hello in C:\xampp\htdocs\mysite\index.php on line 3
I want to hide the path using .htaccess or print something let me know if there is an error without print the path of the page:
Notice: Undefined variable: hello on line 3
or
Notice: Undefined variable: hello
or
There is error in your page
Edit :
I put this lines in my .htaccess
But I can't access to my site. There is error "Internal Server Error"
How Can I fix that
# supress php errors
php_flag display_startup_errors off
php_flag display_errors off
php_flag html_errors off
php_value docref_root 0
php_value docref_ext 0
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
PHP 的错误消息不是针对用户的,而是针对开发人员的。
因此,对于生产环境,您应该禁用 display_errors 以避免信息泄露:
相反,您应该向用户显示通用错误消息,这些消息不会透露任何内部信息,而只记录错误消息(请参阅 log_errors 和 error_log):
而如果你确实想修改 PHP 的错误消息,可以使用
set_error_handler来设置自定义错误处理程序。另请参阅OWASP 开发指南中的“错误处理、审核和日志记录” 了解更多信息。
PHP’s error messages are not meant for users but for developers only.
So for a production environment, you should disable display_errors to avoid information disclosure:
Instead, you should show generic error messages to your users that do not unveil anything of the internals and only log the error messages (see log_errors and error_log):
And if you really want to modify PHP’s error messages, you can use
set_error_handlerto set a custom error handler.See also OWASP’s Development Guide on “Error Handling, Auditing and Logging” for further information.
您无法更改消息:这些消息是由 PHP 生成的,而且就是这样。
But you can prevent them from being displayed to your website's users -- and still log them, for your own usage.
For that, see :
display_errors< /strong> :防止错误显示到页面的输出log_errors:指示应将错误记录到文件error_log:指定哪个文件发生错误将被记录到。Of course, that doesn't prevent you from fixing as many causes of notices / warnings / errors as possible ;-)
You cannot change the messages : those are generated by PHP, and that's the way they are.
But you can prevent them from being displayed to your website's users -- and still log them, for your own usage.
For that, see :
display_errors: to prevent errors from being displayed to the page's outputlog_errors: to indicate that errors should be logged to a fileerror_log: to specify to which file errors will be logged to.Of course, that doesn't prevent you from fixing as many causes of notices / warnings / errors as possible ;-)
摆脱所有那些无用的东西。
独自一人就足够了。
如果错误仍然存在,请检查服务器的 error_log 中的错误消息
Get rid of all that useless stuff.
alone will be enough.
If error persists, check server's error_log for the error message