What does the "@" do?
Posted: Thu Jul 09, 2009 8:33 am
by dkperez
I'm new to PHP and trying to figure out conventions. I ran across this piece of code in a slideshow I'm looking at:
$all_exif = @exif_read_data($curr_image, 0, true);
I can find information on exif_read_data in the manual but it doesn't have the "@". What does that do?
And can you point me somewhere for more information if it's something interesting...
Re: What does the "@" do?
Posted: Thu Jul 09, 2009 8:39 am
by onion2k
It's PHP's error control operator.
http://us2.php.net/manual/en/language.o ... ontrol.php
Never use it. You want to see your code's errors. Seeing errors is a good thing. You can't fix them if you can't see them.
Re: What does the "@" do?
Posted: Thu Jul 09, 2009 8:43 am
by mattpointblank
I use it in form validation. When I present my form, I do:
Code:
<input type="text" name="email" value="<?php echo @$_POST['email']; ?>" />
This means I don't have to produce two separate forms (one with validation errors, one without), and it preserves what the user enters when I send them back to the page after validating and finding errors.
Re: What does the "@" do?
Posted: Thu Jul 09, 2009 8:44 am
by jackpf
You should use isset() instead. Suppressing an error doesn't fix your code, it just means you can't see the error.
Re: What does the "@" do?
Posted: Thu Jul 09, 2009 8:48 am
by onion2k
So if I create a script that submits the form to your website with an email value of...
Code:
"><script>window.location='http://nastyhacker.com';</script>
...I can send people links that will look like they're going to your site but actually redirect to my website. Uh oh.
Validate things properly. Never trust user-inputted values.
Never output them to the page without converting them to HTML entities.
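An added example (not part of any post in this thread) combining the two pieces of advice above: isset() instead of "@" for a field that may be missing, and HTML-entity encoding before the value is written into the page. The function names form_value() and render_email_input() and the sample submissions are constructed for illustration.

```php
<?php
// Added example: form_value() and render_email_input() are hypothetical names.

/**
 * Return a request field escaped for use inside a quoted HTML attribute,
 * or '' when the field is missing or is not a string.
 */
function form_value(array $source, $name)
{
    // isset() raises no notice for a missing key, so "@" is not needed.
    // is_string() rejects array input such as email[]=x.
    if (!isset($source[$name]) || !is_string($source[$name])) {
        return '';
    }
    // ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
    return htmlspecialchars($source[$name], ENT_QUOTES, 'UTF-8');
}

function render_email_input(array $source)
{
    return '<input type="text" name="email" value="'
        . form_value($source, 'email') . '" />';
}

// Constructed sample submissions standing in for $_POST.
$samples = array(
    'first visit (no field)'  => array(),
    'normal value'            => array('email' => 'user@example.com'),
    'payload from the thread' => array(
        'email' => '"><script>window.location=\'http://nastyhacker.com\';</script>',
    ),
    'array instead of string' => array('email' => array('x')),
);

foreach ($samples as $label => $post) {
    echo $label, ":\n  ", render_email_input($post), "\n";
}
```

Run from the command line, the third sample comes out with its quotes and angle brackets as entities, so the browser treats it as the text of the value attribute rather than as markup.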
Re: What does the "@" do?
Posted: Thu Jul 09, 2009 8:49 am
by onion2k
jackpf wrote: You should use isset() instead. Suppressing an error doesn't fix your code, it just means you can't see the error.
Spot on.
Re: What does the "@" do?
Posted: Thu Jul 09, 2009 8:53 am
by jackpf
onion2k wrote: So if I create a script that submits the form to your website with an email value of...
Code:
"><script>window.location='http://nastyhacker.com';</script>
...I can send people links that will look like they're going to your site but actually redirect to my website. Uh oh.
Validate things properly. Never trust user-inputted values.
Never output them to the page without converting them to HTML entities.
And yeah... but since it's only your posted data, it'd only redirect you to your own site, so that'd be a bit of a lame hack.
But I totally agree - you should still encode stuff someone posts even if they're the only one seeing it.
And if you're not doing so on insertion into the database, then yes, you'll get people doing as onion2k stated.
Re: What does the "@" do?
Posted: Thu Jul 09, 2009 8:59 am
by mattpointblank
jackpf wrote: You should use isset() instead. Suppressing an error doesn't fix your code, it just means you can't see the error.
I think (if I remember rightly) that this returns a warning if the variable doesn't exist. Possibly. At least, there was a reason when I did it...
Onion2k: I probably should have elaborated, but I always run $_POST variables through my cleanPost("varname"); function, which sanitises them, but the same error suppression happens with that output in my code, to prevent repetition.
Re: What does the "@" do?
Posted: Thu Jul 09, 2009 10:22 am
by jackpf
isset() doesn't return an error if the variable doesn't exist. That's the point of isset().
Stuff like empty() and is_null() do return errors though.
Re: What does the "@" do?
Posted: Thu Jul 09, 2009 5:06 pm
by dkperez
As usual, the trick to getting an answer to the question is knowing WHERE to look. I looked in the manual and rummaged Google, but nothing knew about the "@", and since I didn't know it was an error handler, I didn't ask correctly... I'm liking it....
Thanks for the help y'all.... That's 1 down, 7,999 questions to go!
Re: What does the "@" do?
Posted: Thu Jul 09, 2009 5:23 pm
by VladSun
dkperez wrote: As usual, the trick to getting an answer to the question is knowing WHERE to look. I looked in the manual
If I were you, I would google for "php operands"
I successfully found the @ operand under "Error Control Operators" in the first result.