Class phpDebug v 1.0.0

Has this ever happened to you? A website that has been running spotlessly for years needs some maintenance work to bring the code up to date with new versions of the software or to add a feature and as a consequence a new bug shows up but one that is only triggered by a remote client. To complicate matters, the error log does not have enough information to let you reproduce the bug. What to do? Write some code to solve the problem! That's how Class phpDebug was born!

Debugging is always a question of finding the evidence. Sherlock Homes would be today the world's foremost debugger! What a php programmer needs are the contents of the system variables and a trace from the requested web page to the buggy script. The additional requirements in this case in particular are that it has to work on a live website without intruding on the user experience in any way while alerting the system administrator that a bug has been triggered.

I could not find such a script. My phpErrorReporter script already has the reporting capabilities. What was needed was a way to unobtrusively collect the data. Adding a lot of debugging code to a live script is always a bad idea. phpDebug requires a single line of code, the new phpDebug instance does everything else:

good code good code new phpDebug(); code that triggers the bug

The normal php error log will give you the file name and line number that triggers the bug. You insert the code to instantiate the phpDebug class and wait for a remote user to trigger the bug.

When that happens phpDebug will generate the trace, get the contents of the system variables SERVER, GET, POST, and COOKIE, and of any other variables that you optionally request, for example $alpha and $beta:

new phpDebug(array('alpha'=>$alpha, 'beta'=>$beta));

SQL Injection

Another good use for phpDebug is to analyse attempted SQL injections. Add it to the getDatabase() function:

public function getDbResult($sql) { if($result = $this->mysqli->query($sql)) { { return $result; } // to check for SQL injections new phpDebug($sql); trigger_error("Database: {$this->mysqli->error}", E_USER_ERROR); } // getDbResult()

Output

The output is sent to the php error log and by email to the system administrator as specified in phpErrorReporter. In case you don't use phpErrorReporter you can modify the code to send it solely to the error log or some other destination.

The email you get will look something like this:

Please do not reply to this email. This is an automated message from phpErrorReporter at the indicated domain Domain: myDomain.com PHP Program Notice Time: 18-Nov-2017 15:30:11 Notice: Trace: #0 phpDebug->trace() called at [/home/user/includes/classes/phpDebug.php:63] #1 phpDebug->__construct() called at [/path/to/calling/script:256] #2 include(/path/to/include/file) called at [/path/to/webpage:5] Server: Array ( [PATH] => /usr/local/bin:/usr/bin:/bin [REDIRECT_HANDLER] => application/x-httpd-ea-php56 [REDIRECT_STATUS] => 200 [UNIQUE_ID] => WhCKQuIe154rZzdwBeADswAAAFc [HTTP_HOST] => myDomain.com ... ... ... [ORIG_SCRIPT_NAME] => /cgi-sys/ea-php56 [PHP_SELF] => /contact.php [REQUEST_TIME_FLOAT] => 1511033411.07 [REQUEST_TIME] => 1511033411 [argv] => Array ( ) [argc] => 0 ) Get: N/A Post: Array ( [name] => [email] => [subject] => [comment] => [contact_action] => Review ) Cookie: Array ( [PHPSESSID] => ep08e2to26e9o78b81lc3sdob6 ) Variables: N/A

Results

As I said at the beginning, I wrote this code to debug a live website that was giving errors caused by a remote client. The results have been excellent. Getting the error report by email is more convenient than having to go through the error log. The email has all the pertinent data to trace the bug. It even pointed out some weird code I had written a dozen years ago.

If you are careful to add the debug code only where there is a bug, as is the case of the SQL Injection code above, you can leave it in the production version as it will only trigger when bugs occur.

Denny Schlesinger

Download phpDebug v 1.0.0 (5.5 KB)

Share this article with your followers