I don't understand why someone is using the @ in the code, I have seen it with mysql connections but I don't know what it means.. thanks!
$player_name_orig = @$_GET['player'];
if (!$player_name_orig) {
die('You must specify a player name');
}
Asked
Active
Viewed 1,774 times
0
AndrewFerrara
- 2,313
- 8
- 28
- 44
-
2possible duplicate of [Reference - What does this symbol mean in PHP?](http://stackoverflow.com/questions/3737139/reference-what-does-this-symbol-mean-in-php) – ircmaxell May 03 '11 at 19:52
4 Answers
13
The @ is the error suppression operator.
In this specific context, it's a (wrong!) way to avoid PHP giving a notice if the player key does not exist in $_GET:
If you try this:
unset($_GET['player']); // to make sure
echo $_GET['player'];
You get:
Notice: Undefined index: player in F:\dev\www\index.php on line 35
While if you try this:
unset($_GET['player']); // to make sure
echo @$_GET['player'];
There is no output.
The correct way to do this:
if (empty($_GET['player']) {
die('You must specify a player name');
}
Jon
- 413,451
- 75
- 717
- 787
2
The @ will stop any errors from appearing and return false on an error.
So in your code if $_GET['player'] does not exist then the code will go into the if statement
Naftali
- 142,114
- 39
- 237
- 299
0
the "@" is used to prevent any warning or error message to appear. It's a really bad habit. Doing that a lot of hidden operations are done (removing error handler, and putting it back after).
The right way to do that operation is:
// my_security_filter() is a function that can render FALSE and remove any dangerous thing
$player_name_orig = array_key_exists('player',$_GET)? my_security_filter($_GET['player']) : FALSE;
if (FALSE===$player_name_orig) { ...
regilero
- 28,801
- 6
- 58
- 97