Disabling the silence @-operator in PHP

PHP supports one error control operator: the at sign (@). When prepended to an expression any error generated by that expression will be ignored. It can also be useful for hiding errors generated by various functions.Take the following simple example:

$var = $_GET['data'];

If the ‘data’ parameter is not defined the expression will generate an error.

Notice: Undefined index: data in /var/www/test.php on line 9

You can hide the error using the silence @-operator.

$var = @  $_GET['data'];

Although quite useful at some times, using the @-operator can have some annoying side effects. Say you are using some external libraries in your application which uses the @-operator. If everything works fine than good. But if the library is generating some errors than it becomes difficult to point the exact location where the error occurs, as the @-operator hides it. If the external library is large, it becomes a headache to remove all the @ from the code. One nice option I found is the Scream Pecl extension. The extension allows you to easily disable the @-operator in your code without making any actual changes to the code.

Installing the Scream extension

As a pre-complied binary is not available, you need to make it yourself. The following shows commands to compile the extension on Ubuntu.

First you need to install the Pear distribution environment.

sudo apt-get install php-pear

Next you will need to install the php5-dev package to get the required PHP5 source files to compile additional modules.

sudo apt-get install php5-dev

Finally we are ready to actually create and install the extension.

sudo pecl install scream-0.1.0

Once the extension is created and installed, we need to add one to the php.ini file.

sudo gedit /etc/php5/apache2/php.ini

In the ‘extensions’ section add the following line:
extension=scream.so;

After the php.ini has been updated, you need to restart Apache, so that the new extension is loaded.

sudo /etc/init.d/apache2 restart

If hopefully all went well, the Scream extension should now be loaded, which you can confirm using phpinfo().

Breaking the Silence operator

Now you can disable the @-operator in your code using the following:

ini_set('display_errors', 1);
error_reporting(E_ALL | E_STRICT);
 
// Disable the @-operator
ini_set('scream.enabled', true);
$var = @ $_GET['data'];

Or you can directly enable the extension in your php.ini.

scream.enabled=1

Now even though the silence operator is present the above code generates an error if the ‘data’ parameter is not set. Atlast no need to hunt down for @’s while debugging.

5 thoughts on “Disabling the silence @-operator in PHP

  1. Three things:

    a) “Notice” is NOT (considered) an error.

    b) Displaying of a notice would happen only if you explicitely change the default behaviour to something else INCLUDING E_NOTICE, instead of (E_ALL ^ E_NOTICE)

    c) Using the @-silencer is a sign of bad coding anyway. Better use either a function or method that automatically replaces the value of the variable which is not set (and thus empty). Something like this:

    function isGetSet( $strVarName, $alternativeVar = NULL ) {
    $return = $alternativeVar;

    if( isset( $_GET[$strVarName] ) && !empty( $_GET[$strVarName] ) ) {
    $return = $_GET[$strVarName];
    }

    return $return;
    }

    $var = isGetSet(‘data’);

    This way you also automatically could implement a filter set to avoid XSS or other attacks of any kind.

    cu, w0lf.

  2. Never know about this, thx alot for sharing. But well.. sometimes i found ‘@’ operator is usefull to silence some anoying warning when we host beta application for demo or something like that.

  3. @ operator is useful when you want to check if something succeeded, but you don’t want to use the “original error”.
    Like:

    $result = error_function();

    if(!$result)
    echo ‘Fail’;

Comments are closed.