Reputation: 5183
How to @include() my secret file without error text (when there's no file) but with error text if any error is in this file?
$admpage=md5($_SERVER[DOCUMENT_ROOT]).'.php';
if(!@include($admpage)){echo "error opening Adminpage";}
So, in case there's no such file there should be error error opening Adminpage.
But if in included file IS error in code, it shows nothing.
In other words, I need to turn off errors reporting while including, but turn them on while executing included file.
PS
I tried eval() but that is much worse then @include()
PPS
I need to include any files, but if error (while encluding or executing), then show error but never show filename
Upvotes: 0
Views: 139
Answers (3)
Reputation: 34632
It seems, your goal is to suppress error messages from including a non-existent file.
This is how you could do this:
$old = ini_set('display_errors', 0); // Do not show errors to client
$fileExists = file_exists($someFile) && is_readable($someFile);
ini_set('display_errors', $old); // Restore old value
if (!$fileExists)
die('Error opening admin page');
include($someFile);
Why the many steps?
file_exists and also is_readable will print error messages on certain conditions: there could be a safe_mode or open_basedir restriction issue (not everyone uses PHP 5.3 already). The server might also run with suPHP which will make a file unreadable, too.
Why is it wrong?
Your concept: Relying on an obscured file's name for pseudo-authentication is called "security by obscurity". For example, anyone with access to your browser history would know the URL. This isn't very safe...
My answer: Simply turning off display_errors is as safe as setting error_reporing to zero: simply not. E.g.: once a custom error handler is being installed, both these settings are "ignored". It is the custom error handler's responsibility to check these values accordingly.
You might consider using different php.ini settings for both your production and development environment. The first should ideally show no error messages whatsoever, whereas the the latter should spill all of them.
Read up on:
Upvotes: 2
Reputation: 14875
What's about file_exists?
if(!file_exists($admpage)){echo "error opening Adminpage";}
If you really want to just turn off error reporting while including like this: @include("script.php");
then wrap the code in the file in a function, e.g. myFunc() and then call that after the include.
Upvotes: 0
Reputation: 2597
Only include when the file does exist using:
if (file_exists($admpage) && is_readable($admpage)) {
include($admpage);
}
Upvotes: 0
Related Questions
- How to include a file only if the file exists in PHP?
- Including file with try and catch function
- PHP: Error handling with include
- How to echo error message if include can't find the file
- Need to Error Trap include_once somehow
- How to prevent errors during include if file not exist (without @)
- Including files and handling errors
- try catch a failed include
- On error, attempt to include a file and re-execute the failed function
- Include file_exists safety