I wouldn't indefinitely place error reporting in a production environment. The error reporting can give clues as to what type of data can be injected and is plainly visible to anyone that triggers it.
Error reporting should be enabled E_ALL on a development machine, not a production one.
As mentioned, set it at the top. If its < E_ALL to start with and you place it near the bottom, only executions in sequences below will be affected by the new level set.
header('HTTP/1.1 420 Enhance Your Calm');