What does the @ mean?

[EchoFool]

Hey,

 

 

I recently been learning some php scripts for a engine i am creating, and i am seeing this in some of the example scripts:

 

 

if (!@$user['id']) {
		GLOBAL $wrongPass;
		$wrongPass = true;
		return false;
	}

 

 

I'm familiar with PHP but i have never seen the @ symbol before. It seems to make no difference if i remove it =/

 

 

What does it actually do for the if statement, does it make it case insensitive or something?

[dragon_sa]

The @ symbol is used to suppress errors, meaning that if the statement it precedes produces an error, the error will not displayed in the web browser.

[EchoFool]

So thats surely a bad idea to use the @ ?

[trq]

Yes it's a bad idea. So is using the global keyword. This suggests that whatever examples it is your looking at are crap.

[EchoFool]

Hmm i've seen alot of scripts use GLOBAL $db for mysql engines =/ always thought it was the norm.

[trq]

Your looking in the wrong places then. That is one thing with PHP though, there is more bad code than good out there.

[EchoFool]

So for something like this:

<?php
function insert(){
GLOBAL $db;
$id = SQLSkip(($_POST['id'])); // escape stuff
$this -> db -> getRow (" SELECT `username` FROM `users` WHERE `userid` = $id " ) ;
}
?>

Is not a safe option ?

[jcbones]

Safe, yes. Bad coding, yes.  What happens when you change your database connection variable to $conn.  You have just broken that function.  Now not a big deal if the function resides in the current script you are working in.  However, what if it resides in a file that was included?

 

In your script though, the global is not even needed, since you are working in a class.  $db is a variable of the class, so it can be used as $this->db (and it is).

[trq]

It has nothing to do with safety and everything to do with poor design. Your insert() function now relies upon some $db variable being defined in code that it has no control over.

[trq]

Actually, looking at your code again, your not even using the $db variable you've pulled in using global.

[MMDE]

I've experienced at least one time where it has been a good idea to use it...

 

I wanted to do something to a dynamic file. I did check the file extension and the mime, but it still could end in error if there was something wrong with the file, which I've seen happen without somebody doing it on purpose (images btw). The function would return an error if it failed, but I didn't want it to output this error, but instead do something else. I believe I did something like this, if(@$variable=function($file)), to make it do what I wanted to.

 

The point is anyways that there are cases where it could be useful. Same where when a function if it fails could show sensitive information you don't want anyone to see.

 

Also, I'm not saying this guy have used GLOBAL and @ wisely.