Use of print_r() to log can be risky if the variable contains sensitive information

Flagged code:

    if ($this->do_debug >= 1) {
        echo '<pre>';
        foreach ($this->errors as $error) {
            print_r($error);
        }
        echo '</pre>';
    }
Description

Debugging functions such as var_dump, print_r or var_export should not be kept in production code. These functions display the contents of a variable, which is helpful during development. However, if the variable holds sensitive information, leaving these calls in production code can expose it. Therefore, avoid using them in production.
Bad practice

    function getUser() {
        $query = buildQuery('users', ['*']);
        var_dump($query);
    }
Recommended

    function getUser() {
        $query = buildQuery('users', ['*']);
        Log::info(print_r($query, true));
    }
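The recommended form above keeps the dump out of the HTTP response by capturing print_r() output as a string, but the string still contains whatever the variable held. The following is an added example (not code from the page or from any project it describes) showing the two further controls a practitioner would normally want: gating debug output on an environment setting, and masking sensitive keys before the structure is written to the server log. The key list, the APP_DEBUG variable and the sample query are assumptions constructed for the example; it requires PHP 8.0 or later for the mixed type.

```php
<?php
declare(strict_types=1);

// Added example, not the page's code. Keys whose values must never reach a
// log; hypothetical list, adjust to the application's own field names.
const SENSITIVE_KEYS = ['password', 'passwd', 'secret', 'token', 'api_key', 'authorization'];

/**
 * Return a copy of $value with sensitive entries replaced by a fixed mask.
 * Arrays are walked recursively. Objects are reduced to their public
 * properties via get_object_vars(), whereas print_r() on the object itself
 * would also dump protected and private ones.
 */
function redact(mixed $value, int $depth = 0): mixed
{
    if ($depth > 10) {           // guard against self-referencing structures
        return '[max depth]';
    }
    if (is_object($value)) {
        $value = get_object_vars($value);
    }
    if (!is_array($value)) {
        return $value;
    }
    $out = [];
    foreach ($value as $key => $item) {
        if (is_string($key) && in_array(strtolower($key), SENSITIVE_KEYS, true)) {
            $out[$key] = '[REDACTED]';
        } else {
            $out[$key] = redact($item, $depth + 1);
        }
    }
    return $out;
}

/**
 * Debug logger: writes to the server error log instead of the response body,
 * and only when the (assumed) APP_DEBUG environment variable is set to "1".
 * print_r(..., true) returns the rendering as a string, so nothing is echoed
 * to the client.
 */
function debugLog(string $label, mixed $value): void
{
    if (getenv('APP_DEBUG') !== '1') {
        return;                  // silent in production
    }
    error_log($label . ': ' . print_r(redact($value), true));
}

// Constructed sample input: a query description that carries credentials.
$query = [
    'table' => 'users',
    'where' => ['email' => 'alice@example.com', 'password' => 'hunter2'],
    'token' => 'sess-0123456789abcdef',
];

debugLog('getUser query', $query);
```

Run with APP_DEBUG=1 to see the table, column and email fields in the error log while the password and token entries appear as [REDACTED]; without the variable the call is a no-op, so a forgotten debugLog() in production writes nothing rather than leaking the structure.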