DO not use @ while testing
Then add it in production
It works in non-disclosing info that can concur in helping a hacker, the less feedback info available to a user when a conn fails the better you will be

Regards

Henry

Hi,

you add the @ if you don't want the function's own error message show up and clutter your html page -- additionally revealing internal information like a path and more -- if the function is dying.
With the @ the function would die silently.

However, you then should try to detect any error on your own anyway and do some basic error handling like
@mysql_select_db($database,$returncode);
if ($returncode == "bad") {
write_to_a_logfile_and_fire_up_an_alert_to_the_admin;
echo "Sorry, this seems not to work right now, plse come back later...";
}

Regards,
R.

Error Control Operators [php.net]

other useful things re: Error Handling and Logging [php.net]

I don't think I use @ ever

The best thing to do if you want to avoid problems like people seeing sensitive data returned by a function, etc is to set up a custom debug mode.

For example:

index.php

<?php
//
// Debug constant
define('DEBUG', 1);

// Grab the global
if (!@include_once('global.php')) {
die('Global script unavailable.');
}
// The rest of the code
?>

global.php

<?php
// Prevent direct access
if (!defined('DEBUG')) {
die('Invalid request.');
}

if (DEBUG == 1) {
error_reporting(E_ALL);
} else {
error_reporting(0);
}

Well, not exactly, but you get the point. Try to avoid it if you can. Use some custom functions that print out different messages on errors.

There are those rare occasions when you have to use it. For example, I have a dynamic database class that connects to various database types. MSSQL returns a accessible message on a failed connect but MySQL returns an error and prints it out on screen because it actually requires you to be connected to get an error message.