Dreaming of DawnProduction websites should not have big ugly php errors. If you leave display_errors on you are asking for trouble. Even worse is when this mistake is made on a site frequented by geeks of all flavors. PHP already has a "bad rap" for security (deserved or not).
The latest site to be a perpetrator of this problem? http://www.dilbert.com/ home of the great comic. (thanks to Pierre for pointing it out) But please, turn display_errors off and log them!
[photopress:wt4808a44ac4d31_thumb_large.jpg,thumb,pp_image] - here's a pretty look at the site, recorded for posterity by webthumb.
I like to set up "environments" in my applications that deal with things like display_errors and other ini settings that can be altered at runtime that I want changed depending on if I'm debugging, testing, or deploying the application.
What's your favorite PHP website error story?
Edit: I've found a couple of linkbacks saying things like "oh you shouldn't turn errors off you should fix them" - I think you missed the point. I'm not advocating turning ERRORS off, I'm saying on a production site don't be stupid and show them to the user - hence display_errors should be off (see, display_errors not error_reporting...errr duh). Log your errors people!
Philip Olson
Many official php.net mirrors leave display_errors on, and as you can imagine it's embarrassing when an error is committed to phpweb. One day here someone will mention this setting within php.net/mirroring although now that you raised the question I have a hunch we'll all talk about it and do something there soon... :)
2008-04-18 7:13 am