PHP: What does the @-symbol in front of function calls mean?

2012-09-14

In some PHP scripts, I noticed the symbol @ in front of a variety of function calls. For example, something like:

@mysql_db_query($db, $query, $verb);

Normally, I only know mysql_db_query without the @ before the call, and I have tested the code with and without the @ as an experiment. Apparently, nothing changed and the code seems to have the same result every time.

So, what's the secret behind the mysterious @ symbol?

The @ symbol in PHP serves as error checking. If the @ sign stands in front of function calls or variables, all error messages generated thereby will be ignored.

In your example, the @ stands before the call of mysql_query. If this function produced an error, this error would not be output and would remain invisible in the browser.

The usage of @ has the advantage that a variety of information will not be displayed in the browser. If one uses, for example, an include of a file that does not exist, a typical PHP error would show the path of the file not found. This information may be used by a possible attacker of your homepage to get the directory structure of otherwise hidden files of your website.

Especially during the development of a website, the @ operator can be a problem. Sometimes it can happen, for example, that a script is aborted at an error location and you get no notice about it, because that information was suppressed by @. This can lead to difficulties with finding bugs quickly at development time if you are immediately using the @ operator.
2012-09-15
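
Added example, not part of the original answer: the two effects described above (no path shown in the browser, but also no notice for the developer) can be separated by turning display_errors off and log_errors on instead of using @. The file name and the temporary log location are constructed for the demonstration.

```php
<?php
// Added example: compare @ suppression with "hide from browser, keep in log".
// The missing file and the log file are constructed for this demo.

ini_set('display_errors', '0');   // nothing is printed to the page
ini_set('log_errors', '1');       // warnings are written to the log instead
$log = tempnam(sys_get_temp_dir(), 'phperr');
ini_set('error_log', $log);
error_reporting(E_ALL);

$missing = __DIR__ . '/no-such-file.inc';   // constructed path, does not exist

// 1) With @: the warning is neither displayed nor logged.
$suppressed = @file_get_contents($missing);
$logAfterSuppressed = file_get_contents($log);

// The suppressed warning is still retrievable in code, so a failure
// can be handled explicitly instead of being lost.
$last = error_get_last();

// 2) Without @: still nothing in the browser (display_errors is off),
//    but the warning, including the file path, lands in the log.
$plain = file_get_contents($missing);
$logAfterPlain = file_get_contents($log);

echo "call with @ returned false:     ";
var_dump($suppressed === false);
echo "log empty after call with @:    ";
var_dump($logAfterSuppressed === '');
echo "error_get_last() after @ call:  ", $last['message'] ?? '(none)', "\n";
echo "call without @ returned false:  ";
var_dump($plain === false);
echo "log names the file after plain: ";
var_dump(strpos($logAfterPlain, 'no-such-file.inc') !== false);

unlink($log);   // remove the temporary log file
```

On a production site the same two settings belong in php.ini, with error_log pointing to a file outside the web root.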

