
[SOLVED] some advice..is the @ symbol effective way to add security to your website


cluce


I just need some input from some PHP experts. I was using the @ symbol in my code, and when I posted my code on here, someone told me it was bad programming. But when I did a Google search on adding security to your PHP website, it was suggested to use @ to prevent the hacker from seeing your potential errors in your website in the browser window. Can someone give me your opinion on this? Or any ideas/tips on how to secure PHP web pages?


From what I know the '@' symbol is just a way of suppressing errors. From the little I know about it, I would say it was bad programming unless you are trying to debug a script. You shouldn't have to put it there if there wasn't an error...so why use it, unless you don't want to fix the error, which is kinda ridiculous.


The @ system is just very poor programming. If you are in a production environment it is best to turn off the error reporting, that or create an error function and use that to report the syntax errors to your email and display a "nice" page to the user with little or vague information about the error encountered. Information on that can be found here:

http://www.phpfreaks.com/forums/index.php/topic,140239.0.html

www.php.net/set_error_handler

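// error.inc.php

<?php
// Custom handler: show the visitor a vague message instead of PHP's own error text.
// $errcontext is optional because PHP 8 no longer passes it.
function error($errno, $errstr, $errfile, $errline, $errcontext = null) {
  echo 'There was an error on the page ' . $errno . '. Please report it to the site admin!';
}

// Register the handler; the previous handler (if any) is returned.
$errorHandler = set_error_handler("error");
?>

// test.php

<?php
include('error.inc.php'); // include for error handling

echo "Testing me!!!";

echo 'How about this test?';
?>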

If not, check the user contributions at the page posted above.

Best of luck.


Just remember, do not use the @ symbol, it will not add security, just suppress errors. And if you are only working with localhost, why are you worried about security from error messages?

It is in a LIVE production environment you want to be worried about those, on localhost you want to see the errors so you can fix them. Use the above function with test, production, whatever you really feel like. Just don't use those stupid @ error suppressors.


The others have given you 90% of the story, so here's the last 10% .. all rules can be broken.  But you can only break them when you understand them fully.  There ARE situations in which using @ is the right thing to do.  I use it when dealing with functions that produce warnings for failure conditions that I am actually expecting to happen.  But those situations are very rare.

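As an added example (not code from any poster in this thread), the error-handler approach from the reply with `error.inc.php` and the expected-failure use of @ from the last reply can be combined as below: details go to the server log, the visitor sees only a reference, and a deliberate @ stays silent even with a custom handler installed. The names `production_error_handler` and `read_optional_config` and the file path are hypothetical, and PHP 7 or later is assumed.

```php
<?php
// Added example, not code from the thread. Function names and the file path are hypothetical.
ini_set('display_errors', '0'); // never render PHP's own error text into the page
ini_set('log_errors', '1');     // send it to the server error log instead
error_reporting(E_ALL);

// $errcontext is left out: PHP 8 no longer passes a fifth argument.
function production_error_handler(int $errno, string $errstr, string $errfile, int $errline): bool
{
    // A custom handler is still called for @-suppressed code. While @ is active,
    // error_reporting() has the warning/notice bits cleared, so honour that here.
    if (!(error_reporting() & $errno)) {
        return false; // fall through to PHP's built-in handler, which stays silent
    }

    // Opaque reference so a visitor's report can be matched to the log line.
    $ref = bin2hex(random_bytes(4));
    error_log(sprintf('[%s] errno=%d %s in %s:%d', $ref, $errno, $errstr, $errfile, $errline));

    // Generic message only: no file paths, queries or variable contents reach the browser.
    if (!headers_sent()) {
        http_response_code(500);
    }
    echo 'Something went wrong. Please quote reference ' . $ref . ' to the site admin.';
    return true; // handled; skip PHP's built-in handler
}
set_error_handler('production_error_handler');

// Expected failure: the file may legitimately be absent and the return value is
// checked, so the warning carries no information worth logging.
function read_optional_config(string $path): array
{
    $raw = @file_get_contents($path);
    if ($raw === false) {
        return []; // fall back to defaults
    }
    $data = json_decode($raw, true);
    return is_array($data) ? $data : [];
}

$config = read_optional_config(__DIR__ . '/optional-settings.json'); // silent if missing

// Unexpected failure: not suppressed, so it is logged and the visitor sees only the reference.
$rows = [];
echo $rows['missing_key'];
```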
