PDO Error Check

[NorseMan]

I have developed this database connection. I took a little from here and a little from there. I began to study it more closely.  As I understand this, if this fails, it will release a lot of information to website visitors, such as passwords etc. Actually, the user does not need a lot of error codes if the connection to the DB is not successful. I am the one who needs that information. So how do I keep the print-to-screen information, but without the user on the website getting this information? I'm the only one who needs that information. Heres the script:

<?php
try {
    $pdo = new PDO('mysql:host=sql31.mcb.webhuset.no;dbname=**********;
    charset=utf8', '**********', '********');
    
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    
    $output = 'No ERROR.';
    } catch (PDOException $e) {
    
    $output = 'ERROR: ' . $e;
    }
    include __DIR__ . '/../templates/output.html.php';

 

[Michalio]

Add at the top of the file:

<?php
error_reporting(NULL);
ini_set('display_errors', 0);

it will hide all errors, but you will able to check them on the error log. You can upgrade that a little bit:

<?php
if ($_ENV['SERVER_ENVIRONMENT'] === 'production') {
	error_reporting(NULL);
	ini_set('display_errors', 0);
} else {
	error_reporting(E_ALL);
	ini_set('display_errors', 1);
	ini_set('html_errors', 1);
}

then set up the environment variable on your server to SERVER_ENVIRONMENT = production and SERVER_ENVIRONMENT = development on your local device

 

[NorseMan]

+-----------------------+---------------+--------------+
| php.ini file setting | development | production |
| | server | server |
+-----------------------+---------------+--------------+
| error_reporting | E_ALL | E_ALL & E_Notice|
| display_errors | ON | OFF |
| log_errors | OFF | ON |
+-----------------------+---------------+--------------+