Last Updated on 2 weeks by Sachin G

PHP is a widely used server-side scripting language, but when an error occurs, PHP often displays it directly in the web browser. While this might help during development, showing errors publicly in a production environment is a major security risk. It can expose sensitive information such as file paths, database queries, or even an email address — all of which can be exploited.

To ensure a secure and professional experience for your end users, this article explains how to stop printing PHP error messages to the browser using the display_errors directive in your PHP configuration file.

Why You Should Disable PHP Error Display

Security: Revealing line numbers, file names, or undefined variables can provide attackers with valuable insights.

Professionalism: A website that displays fatal errors, warnings, or syntax errors looks broken or amateurish.

User Experience: Exposing technical details can confuse and frustrate users.

What Is display_errors in PHP?

The display_errors directive in PHP controls whether errors are shown in the browser.
By default, this might be enabled in a development environment, but must be turned off in production.

In most cases, PHP is configured by default to display errors directly in the web browser. This can be helpful during development for troubleshooting and debugging, but it may reveal sensitive information about your application code and infrastructure, making it easier for potential attackers to exploit vulnerabilities.

How to Prevent PHP Errors from Being Displayed on the Browser

Disabling the display_errors directive is a simple process that consists of changing a setting in the PHP configuration. Follow these steps to prevent PHP errors from being displayed in the browser:

Locate the PHP Configuration File:

The location of the PHP configuration file depends on your server setup, and there are several ways to find it. The default location of the php.ini file is /etc/php.ini. Here I explain how to find it with the phpinfo() function. The simplest method is to create a PHP file, e.g. infophp.php, with the following content:

<?php
phpinfo();
?>

Upload the file to your web server’s document root directory. Then open it in your web browser at https://domain_name_or_IP/infophp.php. Once the infophp.php page loads, you’ll find the path to your PHP configuration file displayed under “Loaded Configuration File”. Delete infophp.php from the server once you have noted the path, because phpinfo() output exposes detailed configuration information to anyone who can reach the URL.

phpinfo configuration file path

You can disable display_errors in several ways, depending on your server setup:

1. Using the php.ini File

Open the php.ini file in a text editor such as vi or nano and find the display_errors directive. By default, it is set to On, and we have to set the value to Off.

  • display_errors = On (By Default): Errors will be displayed in the browser.
  • display_errors = Off: Errors are not displayed in the browser.

The line should look like below:

display_errors = Off

After saving and exiting the editor, restart the web server service to apply the changes. This step is necessary for the new configuration settings to take effect. Reload the phpinfo page to verify that the directive has been updated.

2. Using .htaccess File (For Apache servers)

If you’re on shared hosting, add this to your .htaccess file:

php_flag display_errors Off
php_flag log_errors On

Note: This only works if PHP is running as an Apache module.

3. Using ini_set() In a PHP File

This method disables error display at runtime.

<?php
ini_set('display_errors', '0'); // do not send errors to the browser
ini_set('log_errors', '1');     // keep recording them in the error log

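Not recommended as a permanent solution for production environments: ini_set() only takes effect once the script is running, so an error that stops the script before that line, such as a syntax error in the same file, is still handled with the server-wide setting.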

How to Confirm display_errors Is Disabled

Run this small script:

<?php
echo 'Display errors is: ' . ini_get('display_errors');
?>

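Or check from the command line (the PHP CLI may load a different php.ini than the web server, so this confirms the CLI configuration):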

php -i | grep display_errors
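
To check the configuration file itself rather than a running PHP process, the following added example (not code from the original article) audits a php.ini for the two settings used above. The function names ini_value and check_php_ini are hypothetical, the sample file is constructed, and directives inside per-host or per-path sections are treated as global for simplicity.

```shell
#!/bin/sh
# Added example (not from the article): audit a php.ini for production use.

# Print the effective value of directive $2 in file $1, lowercased.
# PHP reads the file top to bottom, so the last uncommented assignment wins.
# Prints "unset" if the directive never appears outside a comment.
# Simplification: a ';' inside a quoted value is treated as a comment start.
ini_value() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }                      # whole-line comment
        {
            line = $0
            sub(/;.*$/, "", line)                # trailing comment
            eq = index(line, "=")
            if (eq == 0) next
            k = substr(line, 1, eq - 1)
            v = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            if (k == key) { val = tolower(v); found = 1 }
        }
        END { if (found) print val; else print "unset" }
    ' "$1"
}

# Return 0 only if display_errors is off and log_errors is on.
check_php_ini() {
    rc=0
    case "$(ini_value "$1" display_errors)" in
        ""|0|off|false|no|none) echo "OK   display_errors is off" ;;
        unset) echo "FAIL display_errors not set (built-in default is on)"; rc=1 ;;
        *)     echo "FAIL display_errors is enabled"; rc=1 ;;
    esac
    case "$(ini_value "$1" log_errors)" in
        1|on|true|yes|unset) echo "OK   log_errors is on" ;;
        *) echo "FAIL log_errors is off, errors would not be recorded"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample: the Off line is commented out, so the On line applies.
sample=$(mktemp)
printf '%s\n' '; display_errors = Off' 'display_errors = On ; dev' \
    'log_errors = On' > "$sample"
check_php_ini "$sample" || echo "Fix $sample before deploying"
rm -f "$sample"
```

Point check_php_ini at the path shown under “Loaded Configuration File” to audit the file the web server actually uses.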
