What is the function of the @ in front of expressions in PHP?

Question:

Looking through the PHP documentation I have found something that I had never seen before. Prepending an @ to an expression to ignore error messages if they occur.

Example:

//Si no tenemos la $key, va a dar un error y el programa lo va a ignorar
$valor = @$valores[$key]; 

The problem, or what I see as a problem, is that putting the @ can give rise to major security flaws, since it is ignoring any error that occurs in your application.

To make matters worse, it currently also ignores critical errors as indicated in the documentation :

Warning: Currently, the "@" prefix operator for error handling will even disable error reporting in cases of critical failures that will terminate script execution. Among other things, this means that if "@" is used to debug a certain function and the function is not available or has been written incorrectly, the script will stop at that point with no indication why.

The truth is that it is very difficult for me to think in a production environment ignoring the errors that appear in the application. Even in a test environment, in which it would be even more necessary to have a good control of errors to be able to correct them in a much easier way.

In fact, I have seen that with the set_error_handler function you can perform custom error handling. However, if you use the @ front of your expressions, it will simply return zero.

Therefore, I have had several questions regarding this error handling operator:

  • Does it have any other function than to ignore errors in the program?
  • Is the @ used in production environments?
  • And related to the above, is there a case in which the use of this operator is required? That is, would it be useful to use this operator in a specific case?

Answer:

What is the function of the @ in front of expressions in PHP?

Suppresses error messages, includes Notice, Warning, and critical errors.

Does it have any other function than to ignore errors in the program?

No.

Is the @ used in production environments?

Yes and No. It depends on the developer.

And related to the above, is there a case in which the use of this operator is required? That is, would it be useful to use this operator in a specific case?

For a reason an error is thrown and if that error is shown to the user it can finally be dangerous, for that reason the errors should be dealt with correctly.

So .. Ignore with @ would not be ideal or advisable, instead you can ignore / suppress errors with php.ini and / or define / treat errors with set_error_handler () .

Scroll to Top