This operator is affectionately known by veteran phpers as the stfu operator.
PHP supports one error control operator: the at sign (@). When prepended to an expression in PHP, any error messages that might be generated by that expression will be ignored.
If you have set a custom error handler function with set_error_handler() then it will still get called, but this custom error handler can (and should) call error_reporting() which will return 0 when the call that triggered the error was preceded by an @.
If the track_errors feature is enabled, any error message generated by the expression will be saved in the variable $php_errormsg. This variable will be overwritten on each error, so check early if you want to use it.
<?php
/* Intentional file error */
$my_file = @file ('non_existent_file') or
die ("Failed opening file: error was '$php_errormsg'");
// this works for any expression, not just functions:
$value = @$cache[$key];
// will not issue a notice if the index $key doesn't exist.
?>
Note: The @-operator works only on expressions. A simple rule of thumb is: if you can take the value of something, you can prepend the @ operator to it. For instance, you can prepend it to variables, function and include calls, constants, and so forth. You cannot prepend it to function or class definitions, or conditional structures such as if and foreach, and so forth.
See also error_reporting() and the manual section for Error Handling and Logging functions.
Currently the "@" error-control operator prefix will even disable error reporting for critical errors that will terminate script execution. Among other things, this means that if you use "@" to suppress errors from a certain function and either it isn't available or has been mistyped, the script will die right there with no indication as to why.
Be aware of using error control operator in statements before include() like this:
<?PHP
(@include("file.php"))
OR die("Could not find file.php!");
?>
This cause, that error reporting level is set to zero also for the included file. So if there are some errors in the included file, they will be not displayed.
I was confused as to what the @ symbol actually does, and after a few experiments have concluded the following:
* the error handler that is set gets called regardless of what level the error reporting is set on, or whether the statement is preceeded with @
* it is up to the error handler to impart some meaning on the different error levels. You could make your custom error handler echo all errors, even if error reporting is set to NONE.
* so what does the @ operator do? It temporarily sets the error reporting level to 0 for that line. If that line triggers an error, the error handler will still be called, but it will be called with an error level of 0
Hope this helps someone
If you're wondering what the performance impact of using the @ operator is, consider this example. Here, the second script (using the @ operator) takes 1.75x as long to execute...almost double the time of the first script.
So while yes, there is some overhead, per iteration, we see that the @ operator added only .005 ms per call. Not reason enough, imho, to avoid using the @ operator.
<?php
function x() { }
for ($i = 0; $i < 1000000; $i++) { x(); }
?>
real 0m7.617s
user 0m6.788s
sys 0m0.792s
vs
<?php
function x() { }
for ($i = 0; $i < 1000000; $i++) { @x(); }
?>
real 0m13.333s
user 0m12.437s
sys 0m0.836s
Error suppression should be avoided if possible as it doesn't just suppress the error that you are trying to stop, but will also suppress errors that you didn't predict would ever occur. This will make debugging a nightmare.
It is far better to test for the condition that you know will cause an error before preceding to run the code. This way only the error that you know about will be suppressed and not all future errors associated with that piece of code.
There may be a good reason for using outright error suppression in favor of the method I have suggested, however in the many years I've spent programming web apps I've yet to come across a situation where it was a good solution. The examples given on this manual page are certainly not situations where the error control operator should be used.
To suppress errors for a new class/object:
<?php
// Tested: PHP 5.1.2 ~ 2006-10-13
// Typical Example
$var = @some_function();
// Class/Object Example
$var = @new some_class();
// Does NOT Work!
//$var = new @some_class(); // syntax error
?>
I found this most useful when connecting to a
database, where i wanted to control the errors
and warnings displayed to the client, while still
using the class style of access.
Be aware that using @ is dog-slow, as PHP incurs overhead to suppressing errors in this way. It's a trade-off between speed and convenience.
After some time investigating as to why I was still getting errors that were supposed to be suppressed with @ I found the following.
1. If you have set your own default error handler then the error still gets sent to the error handler regardless of the @ sign.
2. As mentioned below the @ suppression only changes the error level for that call. This is not to say that in your error handler you can check the given $errno for a value of 0 as the $errno will still refer to the TYPE(not the error level) of error e.g. E_WARNING or E_ERROR etc
3. The @ only changes the rumtime error reporting level just for that one call to 0. This means inside your custom error handler you can check the current runtime error_reporting level using error_reporting() (note that one must NOT pass any parameter to this function if you want to get the current value) and if its zero then you know that it has been suppressed.
<?php
// Custom error handler
function myErrorHandler($errno, $errstr, $errfile, $errline)
{
if ( 0 == error_reporting () ) {
// Error reporting is currently turned off or suppressed with @
return;
}
// Do your normal custom error reporting here
}
?>
For more info on setting a custom error handler see: http://php.net/manual/en/function.set-error-handler.php
For more info on error_reporting see: http://www.php.net/manual/en/function.error-reporting.php
Prepending @ before statement like you are doing a crime with yourself.
If you use the ErrorException exception to have a unified error management, I'll advise you to test against error_reporting in the error handler, not in the exception handler as you might encounter some headaches like blank pages as error_reporting might not be transmitted to exception handler.
So instead of :
<?php
function exception_error_handler($errno, $errstr, $errfile, $errline )
{
throw new ErrorException($errstr, 0, $errno, $errfile, $errline);
}
set_error_handler("exception_error_handler");
function catchException($e)
{
if (error_reporting() === 0)
{
return;
}
// Do some stuff
}
set_exception_handler('catchException');
?>
It would be better to do :
<?php
function exception_error_handler($errno, $errstr, $errfile, $errline )
{
if (error_reporting() === 0)
{
return;
}
throw new ErrorException($errstr, 0, $errno, $errfile, $errline);
}
set_error_handler("exception_error_handler");
function catchException($e)
{
// Do some stuff
}
set_exception_handler('catchException');
?>
While you should definitely not be too liberal with the @ operator, I also disagree with people who claim it's the ultimate sin.
For example, a very reasonable use is to suppress the notice-level error generated by parse_ini_file() if you know the .ini file may be missing.
In my case getting the FALSE return value was enough to handle that situation, but I didn't want notice errors being output by my API.
TL;DR: Use it, but only if you know what you're suppressing and why.
Better use the function trigger_error() (http://de.php.net/manual/en/function.trigger-error.php)
to display defined notices, warnings and errors than check the error level your self. this lets you write messages to logfiles if defined in the php.ini, output
messages in dependency to the error_reporting() level and suppress output using the @-sign.
If you want to log all the error messages for a php script from a session you can use something like this:
<?php
session_start();
function error($error, $return=FALSE) {
global $php_errormsg;
if(isset($_SESSION['php_errors'])) {
$_SESSION['php_errors'] = array();
}
$_SESSION['php_errors'][] = $error; // Maybe use $php_errormsg
if($return == TRUE) {
$message = "";
foreach($_SESSION['php_errors'] as $php_error) {
$messages .= $php_error."\n";
}
return $messages; // Or you can use use $_SESSION['php_errors']
}
}
?>
Hope this helps someone...
error_reporting()==0 for detecting the @ error suppression assumes that you did not set the error level to 0 in the first place.
However, typically if you want to set your own error handler, you would set the error_reporting to 0. Therefore, an alternative to detect the @ error suppression is required.
NB The @ operator doesn't work when throwing errors as exceptions using the ErrorException class
I was wondering if anyone (else) might find a directive to disable/enable to error operator would be a useful addition. That is, instead of something like (which I have seen for a few places in some code):
<?php
if (defined(PRODUCTION)) {
@function();
}
else {
function();
}
?>
There could be something like this:
<?php
if (defined(PRODUCTION)) {
ini_set('error.silent',TRUE);
}
else {
ini_set('error.silent',FALSE);
}
?>
If you wish to display some text when an error occurs, echo doesn't work. Use print instead. This is explained on the following link 'What is the difference between echo and print?':
http://www.faqts.com/knowledge_base/view.phtml/aid/1/fid/40
It says "print can be used as part of a more complex expression where echo cannot".
Also, you can add multiple code to the result when an error occurs by separating each line with "and". Here is an example:
<?php
$my_file = @file ('non_existent_file') or print 'File not found.' and $string = ' Honest!' and print $string and $fp = fopen ('error_log.txt', 'wb+') and fwrite($fp, $string) and fclose($fp);
?>
A shame you can't use curly brackets above to enclose multiple lines of code, like you can with an if statement or a loop. It could make for a single long line of code. You could always call a function instead.
Though error suppression can be dangerous at times, it can be useful as well. I've found the following statements roughly equivalent:
if( isset( $var ) && $var === $something )
if( @$var === $something )
EXCEPT when you're comparing against a boolean value (when $something is false). In that case, if it's not set the conditional will still be triggered.
I've found this useful when I want to check a value that might not exist:
if( @$_SERVER[ 'HTTP_REFERER' ] !== '/www/some/path/file' )
or when we want to see if a checkbox / radio button have been submitted with a post action
if( @$_POST[ 'checkbox' ] === 'yes' )
Just letting you guys know my findings, :)