PHP Error Levels & error_reporting
Also Known As
PHP error reporting
E_ALL
E_NOTICE
error_reporting()
TL;DR
PHP's graduated error severity system from E_NOTICE to E_ERROR, controlled by error_reporting and display_errors INI directives.
Explanation
PHP errors span multiple levels: E_ERROR (fatal, stops execution), E_WARNING (non-fatal runtime), E_NOTICE (minor runtime hints), E_DEPRECATED, E_STRICT (coding standards), E_PARSE (compile-time syntax), and the aggregate E_ALL. error_reporting = E_ALL is the correct development setting — it surfaces E_NOTICE and E_DEPRECATED issues that become real bugs. display_errors must be Off in production (log instead). set_error_handler() registers a custom handler to convert errors to exceptions or structured log entries. PHP 8.0 promotes many warnings to TypeErrors, making strict typing even more valuable.
Common Misconception
✗ Setting error_reporting(0) in production is a valid security measure. Hiding errors does not prevent them — it makes debugging nearly impossible and can mask security-relevant failures. Log errors to a file with display_errors=Off and log_errors=On instead.
Why It Matters
PHP's error level bitmask controls which errors are reported and logged — running production with E_ALL hidden masks bugs; running development without E_DEPRECATED misses upgrade-breaking changes.
Common Mistakes
- Setting error_reporting = 0 in development — hides all errors and makes debugging impossible.
- Not enabling E_DEPRECATED — deprecated function calls are silent until the version that removes them.
- Using display_errors = On in production — leaks file paths, stack traces, and database structure to users.
- Not converting errors to exceptions with set_error_handler() — errors and exceptions get handled inconsistently.
Code Examples
✗ Vulnerable
# php.ini — production with errors displayed:
error_reporting = E_ALL
display_errors = On ; Never in production — use log_errors = On instead
log_errors = Off ; Errors not logged — invisible failures
✓ Fixed
; php.ini — development: show everything
error_reporting = E_ALL
display_errors = On
log_errors = On
; php.ini — production: log, never display
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors = Off
log_errors = On
error_log = /var/log/php/error.log
// PHP — set at runtime (overrides php.ini)
error_reporting(E_ALL);
set_error_handler(function(int $errno, string $errstr, string $file, int $line): bool {
if (!(error_reporting() & $errno)) return false; // respect @ operator
throw new \ErrorException($errstr, 0, $errno, $file, $line);
});
// Convert all errors to exceptions — makes them catchable and loggableReferences
Tags
🤝 Adopt this term
£79/year · your link shown here
Added
15 Mar 2026
Edited
22 Mar 2026
Views
33
🤖 AI Guestbook educational data only
|
|
Last 30 days
Agents 1
No pings yesterday
Perplexity 10
Amazonbot 8
Unknown AI 3
Ahrefs 2
Google 2
SEMrush 2
ChatGPT 1
Also referenced
How they use it
crawler 26
crawler_json 1
pre-tracking 1
Related categories
⚡
DEV INTEL
Tools & Severity
🟡 Medium
⚙ Fix effort: Low
⚡ Quick Fix
Set error_reporting(E_ALL) in development to see every notice and deprecation — these are bugs waiting to become errors in the next PHP version
📦 Applies To
PHP 5.0+
web
cli
🔗 Prerequisites
🔍 Detection Hints
error_reporting(0) or E_ERROR only suppressing notices warnings; @ error suppression operator in code
Auto-detectable:
✓ Yes
phpstan
phpcs
semgrep
⚠ Related Problems
🤖 AI Agent
Confidence: High
False Positives: Low
✓ Auto-fixable
Fix: Low
Context: File