Error messages

By default many Web servers show PHP error messages and you have learned how to turn on errors even if they are off by default.  This is very useful in spotting what mistakes you make during development.  However, it may also allow people to discover things about your server and its files.  For example, when using SQL the error message may tell you names of databases, fields etc..  Error messages can be turned off in php.ini if you have access to that file on your server or on a page by putting this at the top of any PHP (once per page):


Open your PHP template if you need to remind yourself what files you have included (at the top).  Open the one which contains error settings in your editor.  This line should already be there but is commented out.  If you have any public pages you should now comment out the top two lines (which turn errors on) and uncomment the last line (the one shown above).