Re[2]: The 'at' sign (@) variable prefix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Greetings, ""Crash" Dummy".
In reply to Your message dated Tuesday, October 7, 2008, 15:54:14,

>>> mike schreef:

>>>> Mon, Oct 6, 2008 at 12:17 PM, Daniel Brown <parasane@xxxxxxxxx
>>>> wrote:

>>>>>> I will get an error, but if I prefix the value with '@',

>>>>>> $query=@$_GET["q"];

>>>>> The @ is an error control operator, used to buffer the output
>>>>> and store it in a variable - $php_errormsg.   It's better to
>>>>> write clean, secure code, of course.... but sometimes error
>>>>> control is a good thing, too.  why not just use:
>>>> $query = isset($_GET['q']) ? $_GET['q'] : '';

>>>> that way it's always set.

>>>> or even better (what I recommend):
>>>> $query = filter_input(INPUT_GET, 'q', FILTER_SANITIZE_STRING);

>>>> and get an empty string or a sanitized string, depending on if
>>>> something exists.

>>> Mike's ways are both better than suppressing the error not only
>>> because error suppression in general sucks but because it's
>>> actually less performant to trigger this kind of error.

>> I second that. The @ symbol actually does this:

>> @action();

>> Becomes:

>> $old = ini_set("error_reporting", 0);
>> action();
>> ini_set("error_reporting", $old);

>> So, if you put that a hundred times all over your code, the errors
>> might be suppressed but your app is slow too.

> Thank you all. As I said, I learned this by osmosis, applying other
> people's code. I am not fluent in PHP. That is why I wanted a
> reference in the documents. I do not sprinkle the @ symbol through my
> code to avoid careful construction, I used it in a specific instance
> to deal with an empty query string, over which I had no control. I
> will study the alternatives offered here and do some recoding.

If you're using it to deal with possible empty input data, you'd better do it
explicitly enstead.

Something like this:

  if(!array_key_exists('from_year', $_POST)
    || !array_key_exists('from_month', $_POST)
    || !array_key_exists('from_day', $_POST)
    )
  {
    throw new Exception('No start date given', 100);
  }



-- 
Sincerely Yours, ANR Daemon <anrdaemon@xxxxxxxxxxx>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux