Page 1 of 1

What does @ do?

Posted: Sat Sep 21, 2002 5:13 am
by f1nutter
Hi,

I have just added PHP and MySQL to my hosting package. An example connection file was placed on the site for me to read. It is slightly different from the connection method I have been using for testing at home. This is what they suggest:

Code: Select all

$connection = @mysql_pconnect("host", "username", "password");
From the manual I see that this creates a persisten connection, and understand this. However, what puzzles me is the "@" symbol. I have tried searching for this character, but nothing shows up in the manual or forum. I know that it is used for documentation in Java, but not before a function call. Any ideas?

Thanks.

Posted: Sat Sep 21, 2002 6:45 am
by jonsyd
if you prepend @ to an expression, it turns off error reporting just for that expression. Its usually used if you want to handle errors yourself. You just need to remember to check for the errors later in the script. See:
http://uk.php.net/manual/en/features.error-handling.php
Jonny

Posted: Sun Sep 22, 2002 11:11 pm
by Sevengraff
woah, ive been wondering what the @ did for a while!

Posted: Mon Sep 23, 2002 11:35 am
by f1nutter
Like most people in this forum suggest, I have placed my db connection details in a file to be included with each script that uses my database.

There have been various discussions about the security of this method, and one problem I found, which wasn't mentioned, is what happens when the MySQL host goes down, but the PHP server stays running? (My host has a seperate "Web" server to the MySQL server.)

You cannot connect to your database and a warning comes back, "Cannot connect, error in file host/include/connection.php at line 3" or whatever.

Then, someone else knows where your connection file is located, and can include this file (absolute address) and get at your database.

By adding "@", this removes this problem and is one more way to foil an attack.

Hurrah!

Posted: Mon Sep 23, 2002 12:50 pm
by Takuma
He can't view the PHP file though... So if you save it in ".php" they can't see the php code unless they hack your host.

Posted: Mon Sep 23, 2002 4:24 pm
by f1nutter
They don't need to know whats "in" your file, just include the file and use the settings to connect to your database.

Code: Select all

<?php
include("http://somewhere.com/include/connection.php");

?>
and use your database.

Posted: Tue Sep 24, 2002 5:00 am
by twigletmac
If the host is set to localhost in the connection script then they won't be able to connect to your database from a remote server. If host is an IP address then they may be able to connect if your hosting company hasn't limited access with your username to the server on which your site files reside. The main issue that I could see is the fact that if you've got a bunch of variables like $user/$username and $pass/$password/$pword or the like they could echo them out and gain access to your database through something like http://www.yoursite.com/phpMyAdmin/.

Mac

Posted: Tue Sep 24, 2002 9:53 am
by phice
*learns something everyday* :oops: