Jochem Maas wrote:
mike wrote:
On Mon, Oct 6, 2008 at 12:17 PM, Daniel Brown <parasane@xxxxxxxxx> wrote:
I will get an error, but if I prefix the value with '@',
$query=@$_GET["q"];
The @ is an error control operator, used to buffer the output and
store it in a variable - $php_errormsg.
It's better to write clean, secure code, of course.... but
sometimes error control is a good thing, too.
why not just use:
$query = isset($_GET['q']) ? $_GET['q'] : '';
that way it's always set.
or even better (what I recommend):
$query = filter_input(INPUT_GET, 'q', FILTER_SANITIZE_STRING);
and get an empty string or a sanitized string, depending on if something exists.
Mike's ways are both better than suppressing the error not only because error
suppression in general sucks but because it's actually less performant to trigger
this kind of error.
I second that. The @ symbol actually does this:
@action();
Becomes:
$old = ini_set("error_reporting", 0);
action();
ini_set("error_reporting", $old);
So, if you put that a hundred times all over your code, the errors might
be suppressed but your app is slow too.
--
Aschwin Wesselius
/'What you would like to be done to you, do that to the other....'/
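
The point made in this thread, that a suppressed read of a missing `$_GET['q']` still triggers the error while an `isset()` check never does, as an added example that is not part of the original messages. The function names `read_suppressed` and `read_checked`, the loop count and the empty `$_GET` are constructed for illustration; it relies on PHP calling a custom error handler even for `@`-suppressed errors.

```php
<?php
// Added example: count how often PHP raises the undefined-index diagnostic
// for each way of reading a missing $_GET['q'].
$raised = 0;

// A custom handler is still invoked for @-suppressed errors; the @ operator
// only changes what error_reporting() returns while the expression runs.
set_error_handler(function ($errno, $errstr) use (&$raised) {
    $raised++;
    return true; // handled here; skip PHP's default error handler
});

$_GET = array(); // constructed input: a request without a "q" parameter

function read_suppressed()
{
    return @$_GET['q']; // the diagnostic is raised, then hidden
}

function read_checked()
{
    return isset($_GET['q']) ? $_GET['q'] : ''; // no diagnostic is raised
}

foreach (array('read_suppressed', 'read_checked') as $fn) {
    $raised = 0;
    for ($i = 0; $i < 1000; $i++) {
        $value = $fn();
    }
    // Report how many times the handler fired and what the caller received.
    printf("%-16s raised=%d value=%s\n", $fn, $raised, var_export($value, true));
}

restore_error_handler();
```

The suppressed variant also hands the caller `NULL` rather than a string, so later code has to cope with two types.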