I have a custom error-handler class (actually it's an exception handler)
So, when an exception is thrown, then it'll be caught and stored in the error-handler class..
After all the execution, All the errors will be shown by the class..
Is it a good or bad practice ? Does it really hurt performance ?

If it is a bad or a good practice depends on what exaclty does the code where you use your class, how many errors can potentially be shown to the user and so on. For instance, if you're building a login page, it's absolutelky a good practice collect error in username, error in password, erro in captcha and then show them to the user, so he/she can correct them all. But if you're doing a long process can be more useful show errors when they occur.
I would'nt worry about performances: it's just a millisecond issue.

I totally agree with it being bad. Bad if you allow your user to see it. Errors about your script, database, config file, ando other site related settings must be keep private and must be recorded in the log file.

I really don't know why it has to be on the front-end. if that is the intension of the OP, IMHO , we don't tell the user if something is wrong in the back-end unless it is a user related such as 'we are conducting a maintenance at this time, please come back later'. Giving so much information about your errors can lead to vulnerability exposure.

In fact, when we write an application we always suppressed possible errors e.g. @exec('ffmpeg').

Member Avatar


Exceptions can be very useful when you're devloping the code or handing it off to somebody else to extend - or even to store details in a log file. But as mentioned, they shouldn't really be used for general consumption. If you want to pass info to the user that something went wrong, a general statement should suffice - no need for any granularity - they don't need to know that there's an error in the "PDO exec() part of the update_SQL function on line 1009 in file mydbconnection.php" for example.

Let me precise my thought. I meant speak about custom error messages, not standard. You never have to say what's went wrong with your code, as it ahs been said, to avoid security issues. But since in several cases you need to provide some feedback to the user, it's absolutely a good practice using oop to collect exceptions and, let's say, store in a log file the error message and give to the user another generic message.
I'm sorry for having not be precise enough.

Even if it's a millisecond, you should still be somewhat critical. Think about it. If your site got popular over night for some reason, those milliseconds would add up fairly quickly. Try to design something that will cause the least delay possible. <1ms is good.