Hei, Richard I've looked into the php.ini.* files of PHP 5.4 for windows and saw the following line in *production*: error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT display_errors = On log_errors = On
and the following line in *development*: error_reporting = E_ALL display_errors = Off log_errors = On I also looked up the function error_reporting and came around that: http://no.php.net/manual/en/errorfunc.configuration.php#ini.error-reporting http://php.net/manual/en/function.error-reporting.php#refsect1-function.error-reporting-changelog The first link seems to contain some out-dated information ... That was the reason why you raised the RFC, right? Here's how I understood the second link and the settings I found in the windows version: You'll get every message reported by the php-parser in your log by default if you're working using the development version and won't get any deprecated and strict messages in *production*. If this messages are written into a log-file or passed to the output is up to the rest of the settings where in both environments both they're written into the error-log-file but only *development *it is additionally visible to the user. So for the windows environment (if you'd ask me) this seems solved. I have not looked into the other environments yet. If they are not the same we should work to keep the default-configuration in one way, whatever OS you're working on. Bye Simon 2012/2/27 Richard Lynch <c...@l-i-e.com> > On Mon, February 27, 2012 1:33 pm, Kris Craig wrote: > > I think it's a good idea, though I'm not sure it should be done in the > > production one as well. I'm not sure, but I think these errors are > > generally suppressed in production because of potential security > > concerns > > involved in making those errors public. > > I would contend that if you have any errors at any level of E_* going > out over HTTP, you have done it "wrong". > > It is true that in the days of register_globals, the E_NOTICE going to > the HTML was a gold-mine for abusers of potential security threats. > > But all of E_* messages are also goldmines of the same ilk. > > That said, > > > I would suggest amending the RFC so that it only applies to > > php.ini-development. Other than that, I like it. > > If most cheap webhosts chose php.ini-development, I'd be okay with > this, as it probably is not suitable for PRODUCTION environments for > the experts. > > Unfortunately, most cheap webhosts go with php.ini-production, as they > are production environments, and the unwashed masses of users of said > cheap webhosts are the target audience of the proposal. > > As stated in the RFC, the experts can and will change their php.ini to > their taste in each environment: It's the masses of users who don't > even know there is a choice that are being hurt by the current default > setting, writing bad code, asking questions of obvious typos that > E_NOTICE would catch, and remaining un-educated for too long that they > develop bad habits. > > Not that I think this will eliminate newbie postings. There will > always be those who don't even read or comprehend the most clear error > messages. > > But I think it will reduce the number of postings by newbies who are > tripped up by the typical mistakes E_NOTICE exposes. > > > PS > I want to thank you for your reasoned response, especially given the > other thread we are involved in! > > -- > brain cancer update: > http://richardlynch.blogspot.com/search/label/brain%20tumor > Donate: > > https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=FS9NLTNEEKWBE > > > > -- > PHP Internals - PHP Runtime Development Mailing List > To unsubscribe, visit: http://www.php.net/unsub.php > >
