Are they equal in safeness? I was informed that using
<?=$function_here?>
was less safe, and that it slows down page load times. I am strictly biased to using echo.
What are the advantages/disadvantages?
Are they equal in safeness? I was informed that using
<?=$function_here?>
was less safe, and that it slows down page load times. I am strictly biased to using echo.
What are the advantages/disadvantages?
Just to ad another source of PSR: http://www.php-fig.org/psr/psr-1/
specifying:
Apart from the whole semi-religious debate on whether or not using short tags are a good idea and whether or not it should be considered deprecated, the original question was on how safe or unsafe they are to use.
Simply put, if you use short tags on a server that doesn't support them, parts of your PHP code may be exposed which can be considered a security vulnerability.
<?
and<?=
are called short open tags, and are not always enabled (see theshort_open_tag
directive) with PHP 5.3 or below (but since PHP 5.4.0,<?=
is always available).Actually, in the php.ini-production file provided with PHP 5.3.0, they are disabled by default:
So, using them in an application you want to distribute might not be a good idea: your application will not work if they are not enabled.
<?php
, on the other side, cannot be disabled -- so, it's safest to use this one, even if it is longer to write.Except the fact that short open tags are not necessarily enabled, I don't think there is much of a difference.
You should use <\?= and ask your sysadmin/host to turn the short_open_tags on, it doesn't have any cons to be turned off, also it has no slowdown, the parser look for the <\? the same way it look for <\?php inside the index, binnary search (perhaps
Also, already on PHP 5.5 <\?= will be turned on by default and on long term <\?= will be prefered while <\?php echo semi deprecated.
If not surte yet.. A bit of googling helps a lot =D
Echo is generally just better to use because...
Short tags will be removed in PHP 6)But, they are generally the same. See also:
So why don't they just remove the option to turn off short open tag and let it be enabled by default.
This is a VERY dangerous move by PHP. The reason being, if you put your existing code that has short tags in it on a PHP6 server and someone views that page, they will get the raw code downloaded to their browser which you can view. This could seriously kill off PHP.