>> mike schreef:
>>> Mon, Oct 6, 2008 at 12:17 PM, Daniel Brown <parasane@xxxxxxxxx
>>> wrote:
>>>>> I will get an error, but if I prefix the value with '@',
>>>>> $query=@$_GET["q"];
>>>> The @ is an error control operator, used to buffer the output
>>>> and store it in a variable - $php_errormsg. It's better to
>>>> write clean, secure code, of course.... but sometimes error
>>>> control is a good thing, too. why not just use:
>>> $query = isset($_GET['q']) ? $_GET['q'] : '';
>>> that way it's always set.
>>> or even better (what I recommend):
>>> $query = filter_input(INPUT_GET, 'q', FILTER_SANITIZE_STRING);
>>> and get an empty string or a sanitized string, depending on if
>>> something exists.
>> Mike's ways are both better than suppressing the error not only
>> because error suppression in general sucks but because it's
>> actually less performant to trigger this kind of error.
> I second that. The @ symbol actually does this:
> @action();
> Becomes:
> $old = ini_set("error_reporting", 0);
> action();
> ini_set("error_reporting", $old);
> So, if you put that a hundred times all over your code, the errors
> might be suppressed but your app is slow too.
Thank you all. As I said, I learned this by osmosis, applying other
people's code. I am not fluent in PHP. That is why I wanted a
reference in the documents. I do not sprinkle the @ symbol through my
code to avoid careful construction, I used it in a specific instance
to deal with an empty query string, over which I had no control. I
will study the alternatives offered here and do some recoding.
--
Dave
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
