Oh, i agree entirely. Ok, i'll look into the logging/mailing solution - something i've been doing in ASP for years but am new to in PHP.
Cheers, .b > -----Original Message----- > From: Jon Haworth [mailto:[EMAIL PROTECTED]] > Sent: 03 May 2002 11:57 > To: '[EMAIL PROTECTED]'; PHP > Subject: RE: [PHP] Re: PHP with MySQL > > > Hi Ben, > > > John, presumably I can leave the error reporting on - > > but pipe it into a file if i wanted, rather than > > displaying on screen, and then redirect the user to > > another page? > > Of course you can - I generally have my pages send me email when > they throw > an error, but that's because I'm really lazy and I can't be bothered to go > and check log files all the time <g> > > It's just not a stunning idea to display an error messages that give away > out any information you could hold back - one of the starting > points for an > attacker is to try and mess up your query strings, and if you're merrily > telling them exactly what the problem is, you're helping them out :-) > > Cheers > Jon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
