Suppressing PHP Errors & Warnings Using @

One part of making sure your website is secure in its hosting environment is to handle errors in a good fashion. If you don't have complete control of your hosting environment, you don't know what you can expect in the way of error handling if you don't do everything you can think of.

One method I use in all of my programming is to place an '@' character in front of function calls that have potential for returning warnings or errors.

@require($_SITE['ROOT'].$_FOLDERS['CONTROL'].'logger.php'); // suppress a file not found error
@mysql_connect($host,$user,$pass); // suppress no connection error

I recommend using the @ once your website is in production. I generally don't use the @ on development servers because I want to be aware of errors during development.


Comments

  1. David Walsh

    Quick Update: Doing this is not recommended for large web applications as it can be very expensive.

  2. ZoFreX

    This is the worst advice I’ve ever heard. This is an old post so I assume (hope) you realise that now, but it ranks very highly on Google, so if you just got here from a search:

    DO NOT DO THIS

    Errors are thrown for a reason, David is correct that displaying them to end-users is incorrect (it’s messy and potentially a security issue), and that errors should be correctly handled. Ignoring is not handling! You can set your php.ini for production and turn off displaying errors, logging them instead, and you can create a custom error handler for more advanced things. Whatever you do, don’t just ignore them!

    • FredWallace

      As he points out, some people may not “have complete control of [their] hosting environment”. That means not everyone has the luxury of editing php.ini.

    • Nemo

      “Worst advice I ever heard” is a very harsh comment. In the right context the @ trick can be very useful.

      Take for instance the getimagesize function that returns size and other information for an image file. The nice thing about it is that it can work with a URL. But what if the URL is no longer valid? It throws up an error. It is far more elegant to simply absorb that error with an @getimagesize and then detect it by checking to see if the length of the “array” returned is less than 7.

      Thank you, David. I have used @ once or twice but I always have to hunt around for it each time I need it.

  3. Neo

    Cool, never thought about that! This will work great in my CLI scripts ;)

    Thanks

  4. jeff

    Agree with the statement this is very bad advice. Following this will likely leave you hunting bugs and running wild.

    Usually good advice found here. Updating this blog post would be a VERY good idea, since it ranks so high!


Be Heard!

Share your thoughts without being a jerk! And wrap your code in <code> tags, f00!

Name*:
Email*:
Website: