Error reporting problem

[countrydj]

I am still having some problems with my error reporting:

PHP Code:

ini_set('display_errors', 1);
error_reporting(E_ALL); 


I get different error showing depending on where I put this code in the script.

I was advised that the code should remain in the script permanently.

Can somebody please advise me where the code is supposed to be placed in the script.

Thanks,

[durangod]

Most people put it at the top of the php file just after <?php assuming that <?php is the first thing in the top of the file which it should be.

[Fou-Lu]

I wouldn't indefinitely place error reporting in a production environment. The error reporting can give clues as to what type of data can be injected and is plainly visible to anyone that triggers it.
Error reporting should be enabled E_ALL on a development machine, not a production one.

As mentioned, set it at the top. If its < E_ALL to start with and you place it near the bottom, only executions in sequences below will be affected by the new level set.

[countrydj]

Hi Guys...
Thank you for your help.

Quote:

Originally Posted by Fou-Lu

I wouldn't indefinitely place error reporting in a production environment. The error reporting can give clues as to what type of data can be injected and is plainly visible to anyone that triggers it.
Error reporting should be enabled E_ALL on a development machine, not a production one.

As mentioned, set it at the top. If its < E_ALL to start with and you place it near the bottom, only executions in sequences below will be affected by the new level set.

It was suggested to me in a previous thread that it should be left in the script permanently.
However, I can see the point of using it in development and removing it in production.

Now for the reason for my thread. In a previous thread, somebody suggesed that if ANY errors are reported, they should be solved.:

PHP Code:

ini_set('display_errors', 1);
error_reporting(E_ALL); 


If I set this code at the very top, I get all sorts of errors because nothing has been set:

PHP Code:

<?php

ini_set('display_errors', 1);
error_reporting(E_ALL);
    //Start session
    session_start();

    //Include database connection details
    require_once('config.php');

$action = $_GET['action'];
$name = $_GET['name'];
$email = $_GET['email'];
$active = $_GET['act'];

So I move the error reporting further down:

PHP Code:

     //Check for duplicate Subscribe ID
ini_set('display_errors', 1);
error_reporting(E_ALL);

    if($email != '') {
        $qry = "SELECT * FROM bf_users WHERE email='$email'";
        $result = mysqli_query($link, $qry);
        if($result) { 


I only get 1 error:

Quote:

Notice: Undefined index: m in /home/ukzone/cws99.co.uk/html/mail/register-exec.php on line 91

Here is the offending code:

PHP Code:

  // create the MD5 hash 
  $secret_code = 'countrymusic_secret';
  $formatted_email = preg_replace("/(-|\@|\.)/", "", $from);
  $hashed = md5("$secret_code $formatted_email");

  // wait, are we verifying the email?
  if($_GET['m'] != "") {
    // this is validation routine
    if($hashed == $_GET['m']) { 


Line 91 = if($_GET['m'] != "") {

Up to now, m has not been generated.

m is generated by:

PHP Code:

$hashed = md5("$secret_code $formatted_email"); 


and is inserted into the generated email which is sent to the subscriber for verification:

PHP Code:

    $mail_body = "Please DO NOT reply to this email. It is an unattended mailbox.\n\nTo validate your email address, please click the following link:\n\nhttp://cws99.co.uk/mail/register-exec.php?email=$from&act=$active&action=subscribe&name=$name&m=$hashed";

    mail($from, "Validation Email", $mail_body, "From: noreply@cws99.co.uk\n"); 


Now back to the reason for this thread.
I just cannot see how to resolve the problem since m hasn't been generated yet.

Any advise will be gratefully appreciated.

[tangoforce]

Quote:

Originally Posted by countrydj

If I set this code at the very top, I get all sorts of errors because nothing has been set:

So I move the error reporting further down:

I only get 1 error:

If its at the top, you are turning on error reporting for the whole script. That means that ANY error will be output. If you turn it on half way down the script it will only output errors from that bit of code and below. It will not output errors on code above it. Thats how code works - top to bottom and never backwards.

As for the m problem, to test it against "" you are assuming that $_GET['m'] already exists. It may not and so by trying $_GET['m'] != "" your code will output an error or notice because $_GET['m'] doesn't actually exist to even test.

To deal with that you use the isset() function. This literally determines if $_GET['m'] "is set" - in other words was actually sent by the browser - like this:

PHP Code:

if ((isset($_GET['m'])) and ($_GET['m'] != '')) 


If it is not set, the if conditional will return false and will output no error or run that piece of code.

This concept can be a bit confusing initially but basically if the browser doesn't send it, then to PHP it doesn't exist. It's a bit like me saying to you, use http.exe to debug your ouput. You've no idea what http.exe is because its my own program that I use. IfI sent it to you by email, you would know what it is and so http.exe "is set" in your mind and it now exists. If I don't send it to you then you've no idea what it is, what it does, how to use it etc and in reality as far as you're concerned it doesn't exist.

[countrydj]

Hi tangoforce ...

Thanks very much for your quick reply.

The solution was so simple (if I knew how).

My code now reads:

PHP Code:

  if ((isset($_GET['m'])) and ($_GET['m'] != '')) {
    // this is validation routine
    if($hashed == $_GET['m']) { 


And I have no error messages.

At last I can sleep peacefully.

P.S. I won't ask you what

PHP Code:

//Please don't use this for your form processing:
if (isset($_POST['submit']))
//Internet explorer has a bug and does not always send the submit value. 


means - AGAIN !!!

Thank you very much.

[tangoforce]

Quote:

Originally Posted by countrydj

P.S. I won't ask you what

PHP Code:

//Please don't use this for your form processing:
if (isset($_POST['submit']))
//Internet explorer has a bug and does not always send the submit value. 


means - AGAIN !!!

As I told you last time you asked, it's part of my signature. If you look underneath it, there is a LINK for you to click so that you can read more and see a video of the bug in action.

Open your EYES !!!