What does the "@" do?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
dkperez
Forum Commoner
Posts: 26
Joined: Fri Jun 26, 2009 9:41 am

What does the "@" do?

Post by dkperez »

I'm not to php and trying to figure out conventions. I ran across this piece of code in a slideshow I'm looking at:

$all_exif = @exif_read_data($curr_image, 0, true);

I can find information on exif_read_data in the manual but it doesn't have the "@". What does that do?
And can you point me somewhere for more information if it's something interesting...
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Re: What does the "@" do?

Post by onion2k »

It's PHP's error control operator. http://us2.php.net/manual/en/language.o ... ontrol.php

Never use it. You want to see your code's errors. Seeing errors is a good thing. You can't fix them if you can't see them.
mattpointblank
Forum Contributor
Posts: 304
Joined: Tue Dec 23, 2008 6:29 am

Re: What does the "@" do?

Post by mattpointblank »

I use it in form validation. When I present my form, I do:

Code: Select all

 <input type="text" name="email" value="<?php echo @$_POST['email']; ?>" />
This means I don't have to produce two separate forms (one with validation errors, one without), and it preserves what the user enters when I send them back to the page after validating and finding errors.
User avatar
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: What does the "@" do?

Post by jackpf »

You should use isset() instead. Suppressing an error doesn't fix your code, it just means you can't see the error.
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Re: What does the "@" do?

Post by onion2k »

So if I create a script that submits the form to your website with an email value of...

Code: Select all

"><script>window.location='http://nastyhacker.com';</script>
...I can send people links that will look like they're going to your site but actually redirect to my website. Uh oh.

Validate things properly. Never trust user inputed values. Never output them to the page without converting them to HTML entities.
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Re: What does the "@" do?

Post by onion2k »

jackpf wrote:You should use isset() instead. Suppressing an error doesn't fix your code, it just means you can't see the error.
Spot on.
User avatar
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: What does the "@" do?

Post by jackpf »

:)
User avatar
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: What does the "@" do?

Post by jackpf »

onion2k wrote:So if I create a script that submits the form to your website with an email value of...

Code: Select all

"><script>window.location='http://nastyhacker.com';</script>
...I can send people links that will look like they're going to your site but actually redirect to my website. Uh oh.

Validate things properly. Never trust user inputed values. Never output them to the page without converting them to HTML entities.
And yeah...but since it's only your posted data, it'd only redirect you to your own site, so that'd be a bit of a lame hack :P

But I totally agree - you should still encode stuff someone posts even if they're the only one seeing it.

And if you're not doing so on insertion into the database, then yes, you'll get people doing as onion2k stated.
mattpointblank
Forum Contributor
Posts: 304
Joined: Tue Dec 23, 2008 6:29 am

Re: What does the "@" do?

Post by mattpointblank »

jackpf wrote:You should use isset() instead. Suppressing an error doesn't fix your code, it just means you can't see the error.
I think (if I remember rightly) that this returns a warning if the variable doesn't exist. Possibly. At least, there was a reason when I did it...

Onion2k: I probably should have elaborated, but I always run $_POST variables through my cleanPost("varname"); function, which sanitises them, but the same error suppression happens with that output in my code, to prevent repetition.
User avatar
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: What does the "@" do?

Post by jackpf »

isset() doesn't return an error if the variable doesn't exist. That's the point of isset().

Stuff like empty() and is_null() do return errors though.
dkperez
Forum Commoner
Posts: 26
Joined: Fri Jun 26, 2009 9:41 am

Re: What does the "@" do?

Post by dkperez »

As usual, the trick to getting an answer to the question is knowing WHERE to look. I looked in the manual and rummaged Google, but nothing knew about the "@", and since I didn't know it was an error handler, I didn't ask correctly... I'm liking it....

Thanks for the help y'all.... That's 1 down, 7,999 questions to go!
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: What does the "@" do?

Post by VladSun »

dkperez wrote:As usual, the trick to getting an answer to the question is knowing WHERE to look. I looked in the manual
If I were you, I would google for "php operands" ;)
I successfully found the @ operand into the "Error Control Operators" in the first result.
There are 10 types of people in this world, those who understand binary and those who don't
Post Reply