I'm making a custom wrapper for the mysql_ functions when MySQLi, e.g. isn't available, and when it can't connect, it throws an exception. However, the fatal error output is this:
Fatal error: Uncaught exception 'Exception' with message 'Failed to connect to database.' in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\MiniTicket\database.php:16
Stack trace:
#0 C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\MiniTicket\database.php(49): MySQL->__construct('localhost', 'miniticket', 'mtu:r!Nj@~qR6f9...')
#1 C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\MiniTicket\index.php(3): require_once('C:\Program File...')
#2 {main} thrown in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\htdocs\MiniTicket\database.php on line 16
As you can see, my database password is clearly displayed for everyone to see. Not good. I don't want to turn these messages off, especially in development, but I don't want sensitive information displayed either. Using set_error_handler is also not a great solution, because I have to parse everything, and that's prone to error.
So... is there an easy way to disable the display of the parameters in a function inside an error message, preferably through PHP and not in some configuration file?
Edit: Disabling the filepath except for the filename would be a bonus, too.
You should separate your error handling between production and development where development displays the error information and production shows a friendly error message but does not output anything PHP does. Log the output to file instead.
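One way to implement the development/production split described in the answer, as an added example that is not code from the question or the answer: an exception handler that builds the trace from the structured `getTrace()` array, so nothing has to be parsed, argument values are never rendered, and paths are reduced to the file name. It assumes PHP 7 or later; the `APP_ENV` environment variable and the `safeTrace()` helper are hypothetical names.

```php
<?php
// Added example. APP_ENV is a hypothetical environment variable
// ('development' or 'production'); adapt to your own deployment switch.
$isDev = getenv('APP_ENV') === 'development';

// PHP itself prints errors only in development; everything is logged.
ini_set('display_errors', $isDev ? '1' : '0');
ini_set('log_errors', '1');

/**
 * Render a stack trace without argument values and with file paths
 * reduced to their basename. (Hypothetical helper for this example.)
 */
function safeTrace(Throwable $e): string
{
    $lines = [];
    foreach ($e->getTrace() as $i => $frame) {
        $where = isset($frame['file'])
            ? basename($frame['file']) . '(' . $frame['line'] . ')'
            : '[internal function]';
        $call = ($frame['class'] ?? '') . ($frame['type'] ?? '') . $frame['function'];
        // $frame['args'] is deliberately never read, so secrets passed as
        // parameters (such as a database password) cannot reach the output.
        $lines[] = "#$i $where: $call()";
    }
    $lines[] = '#' . count($lines) . ' {main}';
    return implode("\n", $lines);
}

set_exception_handler(function (Throwable $e) use ($isDev) {
    $report = sprintf(
        "Uncaught %s: %s in %s:%d\nStack trace:\n%s",
        get_class($e), $e->getMessage(),
        basename($e->getFile()), $e->getLine(), safeTrace($e)
    );
    error_log($report); // written to the configured error_log target
    if (!headers_sent()) {
        http_response_code(500);
    }
    if ($isDev) {
        // Development: show the sanitized report in the browser.
        echo '<pre>' . htmlspecialchars($report) . '</pre>';
    } else {
        // Production: friendly message only; details stay in the log.
        echo 'Something went wrong. Please try again later.';
    }
});
```

On newer PHP versions the `zend.exception_ignore_args` setting (PHP 7.4+) removes arguments from exception traces, and the `#[\SensitiveParameter]` attribute (PHP 8.2+) redacts individual parameters such as a password.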