Is it best to use @ to stop errors in php code

Hey Rajug.
Yes, you’re talking of intentional errors.
That’s what I am talking about.
As I can see, you’re using @ to suppress “file not found” error.
But there can be many other errors. like open_basedir, permissions, wrong catalog.
All these errors can affect existing file! But you won’t see them. That’s what I am talking about.

You must use same solution as for the starting question. Simple checking will eliminate possibility of this kind of error.

if (file_exists($filepath . $filename))  unlink($filepath . $filename);

If it is supposed that there can be no file to unlink, we have to check it first.
Leave errors for the real emergency cases.

Your program should generate no errors if everything goes right.
Very simple rule.
Very simple to follow.
Save you from whole life long debugging.

I’m interested in finding out if there if a way to properly handle errors from preg_match without requiring suppression. Are try/catch blocks suitable for that?

I’m unsure, the PCRE options available in the ini are sparse.

However, I’d only use the above method if the pattern was dynamically built, otherwise suppressing the warning would not be required.

Just use this : http://php.net/manual/en/function.set-error-handler.php and http://www.php.net/manual/en/function.set-exception-handler.php . More work the first time you have to use it but then, you control your errors exactly how you want (ie : like sending a mail if something critical is down, logging stacktraces instead of just using the server logs etc.).

Is it easy enough for you to create a modification of his example code, to demonstrate proper usage for the OP, so that @ is not used to handle the suppress exceptions?

Ok, here is what I use these days :

function customErrorHandler($errorNbr, $errorMessage){
  $backtrace = debug_backtrace();
  $lvl = '';
  switch($errorNbr){
  case E_ERROR:
  case E_CORE_ERROR:
  case E_COMPILE_ERROR:
  case E_USER_ERROR:
  case E_PARSE:
    $lvl = 'Error';
    break;
  case E_WARNING:
  case E_CORE_WARNING:
  case E_COMPILE_WARNING:
  case E_USER_WARNING:
    $lvl = 'Warning';
    break;
  case E_NOTICE:
  case E_USER_NOTICE:
    $lvl = 'Notice';
    break;
  case E_STRICT:
    $lvl = 'Strict';
    break;
  default:
    $lvl = 'Unknown error type';
    break;
  }
  $errorString = '
<tr>
  <td>'.date('H:i:s').'</td>
  <td>'.$lvl.'</td>
  <td>'.htmlentities($errorMessage).'</td>
  <td>'.print_r($backtrace, true).'</td>
</tr>';
  error_log($errorString,3,dirname(__FILE__).'/../logs/errors_'.date('Y-m-d').'.log');
}


set_error_handler('customErrorHandler');
$com = round(($cout / $dim * 100), 2); 

It saves all errors with a lot of details in a file per day. And yes, I know all the CORE and COMPILE errors are not catched.

Hey Paul. I appreciate the way you stop offtopic arguing. I should do it that way myself. But just one little bit of it
I were waiting if you ask what’s the proper way of testing
Imagine you did. And then I’d say:
The only proper way of handling performance issues if profiling.
Once one get familiar with it, they’d forget of such a waste things like “concatenation vs. expanding”, “single vs. double” or slowdowns of @. Moreover, their eyes would open to things, never known before - the real performance issues which have real influence on timing and resource consumption.
No more word of it.

That’s right. profiling provides much better gains than micro-optimisations. it’s better to go after that which gives 20% improvement in running speed, rather than 1% improvements.

Would you like to start a separate thread for the discussion of profiling tools?

Sounds like an excellent ‘sticky’ contribution, how-to, overview, tutorial etc…

It’s something that is very rarely mentioned here but something every coder should know.

I beg my pardon to the crowd, but I feel a bit talkative today

Hey Raju.
Here’s what came to my mind.
Imagine you’re living in the house with fire alarm system.
And got a habit to prepare barbecue indoors.
So, smoke detector begin to alarm each barbecue time.
It gets on your nerves and you gag it. Nothing disturbs you anymore.
…
When a real fire disaster happens, it remain silent. Everything went to ashes…

The very same way for the error notification.
Once you gag it just for easiness, it will spoil you at disaster time.

I am not taking the things about error notifications that much lightly Shrapnel_N5 what you have thought. I’ve never ignored anything not only the cases of error error notifications but also with other things while programming that might cause the vulnerability in the site. I was just talking the use of @ in some particular case where we (I) can ignore like what I have talked in my example in previous. I indeed check (file_exists) as you have suggested above if I think for other problems can happen.

BTW, I know, in some cases, I might not be able to express clearly my feelings/knowledge what I have (that is because of poor English) but I am not those of one who needs to study to understand what are the errors/warnings/notifications are for in programming.

Profiling doesn’t provide any gains.

I suggest that this part of the conversation be taken to a separate thread about profiling.

Profiling shows you where you can make gains … it doesn’t provide any in itself.
Shrap is well aware of this, his point is that you shouldn’t run around believing every blog post, rather profile your code, then optimise it.
And also, back on topic, there is no place for @ ever. Why silence the fire alarm when you can just divert it’s output to the fire department.

:phew:

That’s a relief. I’m pretty sure that we can all agree with that.

I’m putting my head down for a while, but I hope in the morning to see someone start a separate thread about profiling (so as to not take over this current one) if we want to have further discussion about it.

I never really use @, just had a error and decided to use it to see what things looked like without the error in the browser, but it’s now removed as I used the if statment and therefore have no @'s in my script anymore.

Do you also log errors like failed login attempts to that log or do you log any failed user login attempts to a separate file (or to a database table)?