Are they equal in safeness? I was informed that using

<?=$function_here?>

was less safe, and that it slows down page load times. I am strictly biased to using echo.

What are the advantages/disadvantages?

<? and <?= are called short open tags, and are not always enabled (see the short_open_tag directive) with PHP 5.3 or below (but since PHP 5.4.0, <?= is always available).

Actually, in the php.ini-production file provided with PHP 5.3.0, they are disabled by default:

$ grep \'short_open\' php.ini-production
; short_open_tag
short_open_tag = Off

So, using them in an application you want to distribute might not be a good idea: your application will not work if they are not enabled.

<?php, on the other side, cannot be disabled -- so, it\'s safest to use this one, even if it is longer to write.

Except the fact that short open tags are not necessarily enabled, I don\'t think there is much of a difference.

Echo is generally just better to use because...

1. It supports good programming style.
2. It can\'t be turned off in php.ini (short tags can be)
3. Short tags will be removed in PHP 6)

But, they are generally the same. See also:

1. Are PHP short tags acceptable to use?
2. How are echo and print different in PHP?

Apart from the whole semi-religious debate on whether or not using short tags are a good idea and whether or not it should be considered deprecated, the original question was on how safe or unsafe they are to use.

Simply put, if you use short tags on a server that doesn\'t support them, parts of your PHP code may be exposed which can be considered a security vulnerability.

http://php.net/manual/en/language.basic-syntax.phpmode.php states:

Starting with PHP 5.4, short echo tag is always recognized and valid, regardless of the short_open_tag setting.

short_open_tag Off or On doesn\'t matter anymore.

So now you can, without concern, put tags like this in your templates:

    <?= (($test) ? \"val1\" : \"val2\") ?>

It is official now, the \"short echo tag\" is something very different than the \"short tag\".

Just to ad another source of PSR: http://www.php-fig.org/psr/psr-1/

PHP code MUST use the long tags or the short-echo tags; it MUST NOT use the other tag variations.

specifying:

 <?php ?> and <?= ?>

So why don\'t they just remove the option to turn off short open tag and let it be enabled by default.

This is a VERY dangerous move by PHP. The reason being, if you put your existing code that has short tags in it on a PHP6 server and someone views that page, they will get the raw code downloaded to their browser which you can view. This could seriously kill off PHP.

You should use <\\?= and ask your sysadmin/host to turn the short_open_tags on, it doesn\'t have any cons to be turned off, also it has no slowdown, the parser look for the <\\? the same way it look for <\\?php inside the index, binnary search (perhaps

Also, already on PHP 5.5 <\\?= will be turned on by default and on long term <\\?= will be prefered while <\\?php echo semi deprecated.

If not surte yet.. A bit of googling helps a lot =D