
Originally Posted by
paalgg
I've been using the practice of having the whole configuration for an application in an array and passing this array to the objects that need it.
Do you mean you pass all of your settings to every object that needs maybe only one?

Originally Posted by
paalgg
Today I had an experience, something went wrong and the object was written to output. Since the array was stored as a private variable in the object, the whole configuration array was also written, including username, password and host of the SQL server.

It's so stupid, I actually shouldn't be admitting it here on the forum.

Google your own site for typical error messages, check the damage, change the passwords.

Originally Posted by
paalgg
What actions do you do to prevent this?
The server does not write error messages anymore to output.
Make sure that display_errors = off is a global setting; don't do it in per-directory or per-script settings.
Globally off, locally on only when you absolutely must, but generally send that output to your log files.
I often have a debug mode for my scripts, but as I dev on Windows and live is *nix, it's easy to double check for location before echoing debug to the screen.
PHP Code:
$DBG = true;
//$DBG = false;
// ... later ...
// PHP_OS is the upper-case string "WINNT" on Windows, so compare against that
if ($DBG && PHP_OS === "WINNT") {
    // echo any debug stuff
    // or set display_errors = on
}
I've also seen similar, and used it, where you search for the existence of a local file.
PHP Code:
if ($DBG && file_exists("/local.flag")) {
    // output potentially dangerous things
}
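An added example, not part of the original posts: one way to keep credentials out of an accidental object dump is to copy only the keys an object needs and to define `__debugInfo()` (PHP 5.6+), which `var_dump()` and `print_r()` use in place of the real properties. The class name `DbSettings`, the array keys and all values are hypothetical and constructed for illustration.

```php
<?php
final class DbSettings
{
    private $host;
    private $user;
    private $password;

    // Copy only the database keys, so unrelated settings never live in this object.
    public function __construct(array $config)
    {
        foreach (['db_host', 'db_user', 'db_password'] as $key) {
            if (!isset($config[$key])) {
                throw new InvalidArgumentException("Missing setting: $key");
            }
        }
        $this->host     = $config['db_host'];
        $this->user     = $config['db_user'];
        $this->password = $config['db_password'];
    }

    // Arguments for the PDO constructor, handed out only where a connection is opened.
    public function pdoArgs(): array
    {
        return ['mysql:host=' . $this->host, $this->user, $this->password];
    }

    // var_dump() and print_r() show this array instead of the real properties.
    public function __debugInfo()
    {
        return ['host' => '[redacted]', 'user' => '[redacted]', 'password' => '[redacted]'];
    }
}

// Constructed application config; the object below keeps only three of these keys.
$config = [
    'db_host'     => 'db.internal.example',
    'db_user'     => 'app_rw',
    'db_password' => 'constructed-secret',
    'smtp_pass'   => 'another-constructed-secret',
];
$db = new DbSettings($config);

// Simulate the accident: the object is dumped to output.
ob_start();
var_dump($db);
print_r($db);
$dump = ob_get_clean();

foreach ($config as $value) {
    if (strpos($dump, $value) !== false) {
        throw new RuntimeException('Configuration value leaked into debug output');
    }
}
echo "Dump contains no configuration values\n";
```

`var_export()`, `serialize()` and an `(array)` cast do not call `__debugInfo()`, so this covers the dump functions only and does not replace keeping display_errors off.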