Using getter method that is not implemented will get you fatal error saying how undefined method is called and request will stop. [...] On the other hand if you would use public property all you would get is a notice saying how this property does not exist and rest of request would be completed. [...] I know that this is due to dynamic typing behavior of PHP and no I am not suggesting raising a notice if undefined method gets called but since 5.1.0 there is a BadMethodCallException class which would be perfect for this situation.

There's been other people that have proposed the same idea as a bug, but nothing formal has been submitted as an RFC to make the change. Miro is looking for feedback to find if others would be interested in this feature and want to make the proposal (leave comments here).

I'd gone through all the handshaking steps, got the acces token and was ready to start talking to the service itself. However when I tried to call OAuth::fetch, I got an error message: Fatal error: Uncaught exception 'OAuthException' with message 'Invalid protected resource url, unable to generate signature base string'

As it turns out, the issue was obscure - the address she was connecting to was missing a training slash (http://api.localhost versus http://api.localhost/) and it was causing the OAuth fetch to fail (apparently undocumented). If you're interested in some of the other things that have come up in her work with OAuth on the project, see here.

In dynamic languages like PHP [errors like E_ERROR and E_PARSE] happen all the time, for example when trying to call a method on a variable you assumed was an instance of a specific class, but which for some reason suddenly was not instantiated. Not only are they often not catched, but often it is also difficult to even know that they are occurring.

His solution comes in the form of a built-in PHP function, register_shutdown_function, that executes when the PHP process is shutting down - errors or not. It takes in a callback method that has access to an exception object. You can get lots of interesting information from this object and, as in his example, log it to a file for future investigation.

There are several methods to solve errors in PHP code. Sometimes when the user waits to see an output a blank page will be shown if there is an error. To show the errors E_ALL^E_STRICT is used for the PHP 5 version. Contrarily, remaining versions just use E_ALL.

He talks about the log_errors and display_errors settings in your php.ini, the error_reporting function call or a custom error handler as shown in this example from the PHP manual.

Everyday the forums see probably hundreds of topics posted where the problem is a fairly simple error. [...] As a beginner, it can be difficult to find and solve these errors. By tackling each of these in turn, I hope to teach you some methods of finding and solving them.

They look at the different sorts of errors - syntax errors, fatal errors, warnings, notices - as well as some of the ones a bit harder to track down like database problems and logical errors.

While I would personally prefer an exception to be thrown in the first place, it is pretty easy to convert errors to exceptions in PHP.

His example is pretty simple - you set a custom error handler in your script that pulls in the error information and tosses an exception based on the error number the handler is given. Then you can use the try/catch method to see if your script has tossed an exception of the fatal error type. Nice simple solution to handle an interesting little problem.

One big issue of the PHP error handling is that there's no built-in way to catch fatal errors with an user-defined error handler. So I thought a little bit about it and maybe you have better approaches or solutions...

With the goal of emailing the developers when such an error is thrown, he comes up with three different "storage methods" - using syslog, sapi, or a common logfile - and two different methods for watching them - file watching and syslogger. He works through these two options, trying to figure out which out be the simplest to implement.

He comes to the conclusion, though, that he might just be better off with one of the packages already out there to do something similar. Of the four he found, Swatch seemed to fit the best. He includes configuration and setup info to illustrate.

The first issue is an extra notice in some cases. This all works 'fine' with PHP 5.1, however with PHP 5.2 the [following] notice was generated for this code.

The cause? Well, the magic function __get only returns the variables in read mode so they cannot be written to. In Derick's situation, there was a foreach that was trying to use the values in a read/write mode. As a result, the error was tossed. He does provide a workaround, though, involving casting the information into an array.

Anyways I just posted the following email to internals in a list attempt to get some of the people with php-dev karma to lift their finger.

In the message, he notes the change he's looking for and a suggestion to get it included before RC6 of the series gets released (which has been released as of this post already).

While talking with PHP developers this morning I thought of another way unverified serialized strings could be abused. This exploit can only affect PHP 5 installs though, but given the growing market share of PHP 5 it is certainly something worth noting.

As you may know classes in PHP are allowed to implement a magic method called __wakeup() that contains operation that are to be performed when a class is deserialized. Some native classes like PDO implement this function with a goal of preventing database serialization and throw an error when it is used.

He uses an example with PDO and a string of a serialized "supposed PDO object" to illustrate how, without the proper handling, it could lead to a fatal error in the script. The end result of the fatal error, if displaying errors is still on, could be that somewhat sensitive information could be displayed to the viewer.]]> Thu, 23 Mar 2006 06:59:23 -0600