What does the "@" do?
I'm new to PHP and trying to figure out conventions. I ran across this piece of code in a slideshow I'm looking at:
$all_exif = @exif_read_data($curr_image, 0, true);
I can find information on exif_read_data in the manual but it doesn't have the "@". What does that do?
And can you point me somewhere for more information if it's something interesting...
Re: What does the "@" do?
It's PHP's error control operator. http://us2.php.net/manual/en/language.o ... ontrol.php
Never use it. You want to see your code's errors. Seeing errors is a good thing. You can't fix them if you can't see them.
-
mattpointblank
- Forum Contributor
- Posts: 304
- Joined: Tue Dec 23, 2008 6:29 am
Re: What does the "@" do?
I use it in form validation. When I present my form, I do:
<input type="text" name="email" value="<?php echo @$_POST['email']; ?>" />
This means I don't have to produce two separate forms (one with validation errors, one without), and it preserves what the user enters when I send them back to the page after validating and finding errors.
Re: What does the "@" do?
You should use isset() instead. Suppressing an error doesn't fix your code, it just means you can't see the error.
Re: What does the "@" do?
So if I create a script that submits the form to your website with an email value of...
"><script>window.location='http://nastyhacker.com';</script>
...I can send people links that will look like they're going to your site but actually redirect to my website. Uh oh.
Validate things properly. Never trust user inputted values. Never output them to the page without converting them to HTML entities.
Re: What does the "@" do?
jackpf wrote: You should use isset() instead. Suppressing an error doesn't fix your code, it just means you can't see the error.

Spot on.
Re: What does the "@" do?
onion2k wrote: So if I create a script that submits the form to your website with an email value of...
"><script>window.location='http://nastyhacker.com';</script>
...I can send people links that will look like they're going to your site but actually redirect to my website. Uh oh.
Validate things properly. Never trust user inputted values. Never output them to the page without converting them to HTML entities.

And yeah...but since it's only your posted data, it'd only redirect you to your own site, so that'd be a bit of a lame hack.
But I totally agree - you should still encode stuff someone posts even if they're the only one seeing it.
And if you're not doing so on insertion into the database, then yes, you'll get people doing as onion2k stated.
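The advice in the posts above (isset() instead of "@", and HTML entities on output), as an added example that is not code from any poster in this thread. The helper names suppressed_value() and form_value() and the sample arrays standing in for $_POST are assumptions made for illustration; the script runs from the PHP command line and prints the form field both ways.

```php
<?php
declare(strict_types=1);

// Pattern from the thread: "@" hides the undefined-key notice (a warning in PHP 8),
// but the value itself reaches the page unchanged.
function suppressed_value(array $input, string $name): string
{
    return @(string) $input[$name];
}

// Hypothetical helper (name not from the thread): isset() plus HTML-entity encoding.
function form_value(array $input, string $name): string
{
    // isset() is false for a missing key and raises nothing, so "@" is not needed.
    // is_string() rejects email[]=x style input, which PHP delivers as an array.
    if (!isset($input[$name]) || !is_string($input[$name])) {
        return '';
    }
    // ENT_QUOTES encodes " and ' so the value cannot close the value="..." attribute.
    return htmlspecialchars($input[$name], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed stand-ins for $_POST; the second holds the value quoted in the thread.
$samples = [
    'first visit, no POST data' => [],
    'value from the thread'     => ['email' => '"><script>window.location=\'http://nastyhacker.com\';</script>'],
    'array instead of string'   => ['email' => ['a', 'b']],
    'ordinary address'          => ['email' => 'user@example.com'],
];

$template = '<input type="text" name="email" value="%s" />';
foreach ($samples as $label => $post) {
    echo "== $label ==\n";
    echo 'with @:     ', sprintf($template, suppressed_value($post, 'email')), "\n";
    echo 'with isset: ', sprintf($template, form_value($post, 'email')), "\n";
}
```

For the value from the thread, the "with @" line contains a live script element after the closed attribute, while the "with isset" line keeps the whole string inside value="..." as entities.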
-
mattpointblank
- Forum Contributor
- Posts: 304
- Joined: Tue Dec 23, 2008 6:29 am
Re: What does the "@" do?
jackpf wrote: You should use isset() instead. Suppressing an error doesn't fix your code, it just means you can't see the error.

I think (if I remember rightly) that this returns a warning if the variable doesn't exist. Possibly. At least, there was a reason when I did it...
Onion2k: I probably should have elaborated, but I always run $_POST variables through my cleanPost("varname"); function, which sanitises them, but the same error suppression happens with that output in my code, to prevent repetition.
Re: What does the "@" do?
isset() doesn't return an error if the variable doesn't exist. That's the point of isset().
Stuff like empty() and is_null() do return errors though.
Re: What does the "@" do?
As usual, the trick to getting an answer to the question is knowing WHERE to look. I looked in the manual and rummaged Google, but nothing knew about the "@", and since I didn't know it was an error handler, I didn't ask correctly... I'm liking it....
Thanks for the help y'all.... That's 1 down, 7,999 questions to go!
Re: What does the "@" do?
dkperez wrote: As usual, the trick to getting an answer to the question is knowing WHERE to look. I looked in the manual

If I were you, I would google for "php operands".
I successfully found the @ operand under "Error Control Operators" in the first result.
There are 10 types of people in this world, those who understand binary and those who don't