mike schreef: > Mon, Oct 6, 2008 at 12:17 PM, Daniel Brown <parasane@xxxxxxxxx> wrote: > >>> I will get an error, but if I prefix the value with '@', >>> >>> $query=@$_GET["q"]; >> The @ is an error control operator, used to buffer the output and >> store it in a variable - $php_errormsg. > >> It's better to write clean, secure code, of course.... but >> sometimes error control is a good thing, too. > > why not just use: > $query = isset($_GET['q']) ? $_GET['q'] : ''; > > that way it's always set. > > or even better (what I recommend): > $query = filter_input(INPUT_GET, 'q', FILTER_SANITIZE_STRING); > > and get an empty string or a sanitized string, depending on if something exists. > Mike's ways are both better than suppressing the error not only because error suppression in general sucks but because it's actually less performant to trigger this kind of error. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php