This is a very good question, but at the beginning there is one wrong premise: you accept an error report for PDO, separated from system-wide error reports. This is very small: PDO errors are in all respects the same as other errors - file system errors, HTTP errors, etc. Therefore, there is no reason to report PDO errors. All you need to do is to properly set up error reporting on the site.
There is also one incorrect assumption that php.ini is unavailable: you can always set any configuration directive using the ini_set () function. Thus, there is no reason here when setting error_reporting to catastrophic level 0.
To answer the rest of your questions, all you need is a little common sense.
A large number of websites say that you should echo error messages in your catch block. A large number of users at SO state that you should not echo error messages due to security risks.
What do you think of yourself? Does it make sense to display system error messages to the user? Does an intruder demonstrate the internal system well?
Others recommend logging it to a log file outside the document root.
Do you have any objections?
Some use error handling to write to an SQL table.
Do not you think that this is contrary to the idea - to register database errors in the database?
What is the best practice for handling errors in PHP?
You have already shown this: show in dev and enter prod. Everything is monitored on the site with a few simple configuration options.
What is the best practice for handling errors in a catch block?
DO NOT use the try-catch block for error messages. You are not going to write a catch block with a friendly error message for each request in your application strong>, as suggested in another answer, are you?
So your code should be
<?php // Error handling error_reporting(-1); ini_set('display_errors',0); ini_set('log_errors',1); // Get credentials from outside document root require_once('../settings.php'); // Tests connection to database $dbh = new PDO( sprintf( 'mysql:host=%s;dbname=%s;port=%s;charset=%s', $settings['host'], $settings['name'], $settings['port'], $settings['charset'] ), $settings['username'], $settings['password'] ); // Prevents emulated prepares and activates error handling // PDO::ERRMODE_EXCEPTION $dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
Now to the question that you voiced in the comment.
A custom error screen is a completely different matter, and your code is especially unpleasant. Neither it, nor 404 error, nor HTTP redirection should be used (this is very bad for SEO).
To create a custom error page, you must use either your web server capabilities (preferred) or an error handler in a PHP script.
If a fatal error occurs (and the uncaught exception is one), PHP does not respond with a 200 OK HTTP status, but with a status of 5xx. And each web server can intercept this status and show the page with the corresponding error. For instance. for Apache it will be
ErrorDocument 503 server_error.html
where you can write any excuses you want.
Or you can configure your own error handler in PHP, which will handle all PHP errors, an example can be seen in the article I wrote on this subject: (Im) the correct use of try..catch.