HighFile-scopePHP Plug & play

Do Not Expose Error Details in Production

Configure your application not to display detailed error messages (stack traces, PHP warnings) to end users in production. Instead, log errors for developers and show a generic message to users.

Add to Mesrai Open workspace

Why this matters

Detailed error messages can reveal sensitive information (directory structures, SQL queries, keys) useful to attackers. Logging errors internally and hiding details from users improves security and UX.

Bad vs. good

Side-by-side examples engineers can pattern-match during review.

Avoid

<?php
ini_set('display_errors', 1);
error_reporting(E_ALL);
// showing errors in production
?>

Prefer

<?php
ini_set('display_errors', 0);
ini_set('log_errors', 1);
error_reporting(E_ALL);
// in production, errors are logged but not displayed
?>

More snippets

Bad

<?php
ini_set('display_errors', 1);
error_reporting(E_ALL);
// showing errors in production
?>

Good

<?php
ini_set('display_errors', 0);
ini_set('log_errors', 1);
error_reporting(E_ALL);
// in production, errors are logged but not displayed
?>

Related rules

From the same buckets as this rule.

Critical
Avoid equality operators in loop termination conditions
Check if loops use equality operators (== or !=) in termination conditions. These can lead to infinite loops if the condition is never met exactly. Instead, use relational operators like < or > for safer loop termination.
error-handlingreadability-refactor
Critical
Avoid Returning Null in Non-Async Task Methods
Returning null from a Task or Task<T> method causes a NullReferenceException if awaited. Use Task.CompletedTask or Task.FromResult<T>(null) instead.
error-handlingreadability-refactor+1
Critical
Avoid Using Boolean Expressions in `except` Statements
Detect `except` clauses that use `or` or `and` to catch multiple exceptions. This does not work as intended. Recommend using a tuple of exceptions instead.
error-handlingstack-python

Bad vs. good

Side-by-side examples engineers can pattern-match during review.

Avoid

<?php
ini_set('display_errors', 1);
error_reporting(E_ALL);
// showing errors in production
?>

Prefer

<?php
ini_set('display_errors', 0);
ini_set('log_errors', 1);
error_reporting(E_ALL);
// in production, errors are logged but not displayed
?>

More snippets

Bad

<?php
ini_set('display_errors', 1);
error_reporting(E_ALL);
// showing errors in production
?>

Good

<?php
ini_set('display_errors', 0);
ini_set('log_errors', 1);
error_reporting(E_ALL);
// in production, errors are logged but not displayed
?>

Related rules

From the same buckets as this rule.

Critical

Avoid equality operators in loop termination conditions

Check if loops use equality operators (== or !=) in termination conditions. These can lead to infinite loops if the condition is never met exactly. Instead, use relational operators like < or > for safer loop termination.

error-handlingreadability-refactor

Critical

Avoid Returning Null in Non-Async Task Methods

Returning null from a Task or Task<T> method causes a NullReferenceException if awaited. Use Task.CompletedTask or Task.FromResult<T>(null) instead.

error-handlingreadability-refactor+1

Critical

Avoid Using Boolean Expressions in `except` Statements

Detect `except` clauses that use `or` or `and` to catch multiple exceptions. This does not work as intended. Recommend using a tuple of exceptions instead.

error-handlingstack-python