Why Are "Echo" Short Tags Permanently Enabled as of PHP 5.4

Why are echo short tags permanently enabled as of PHP 5.4?

Short open tags are not always enabled since PHP 5.4. The documentation talks about the short echo tags, which is a different thing (short open tags are <? style tags; short echo tags are <?= style tags, for echoing).

Then why are they enabled by default now? Well, there are a lot of scripts out there where it is beneficial to use <?= $somevar ?> instead of <?php echo $somevar ?>. And because the short echo tags aren't as bad as the short open tags, they chose to always enable the short echo tags, because now developers (of frameworks and CMSes) can count on them (or rather, when PHP 5.4 becomes mainstream).

However, the short open tags are still influenced by the short_open_tag setting in your php.ini.

PHP include runs when in short tags even when short tags are turned off

The included files are not read on the compilation phase but during runtime.

Since your PHP interpreter doesn't interpret the code in short tags and dumps it directly to the browser, it is not guilty of replacing the include statements with the content of the included files.

There is no php.ini setting that could persuade it to behave like this.

I can imagine other causes:

  • a PHP extension that replaces the include/require statements with the content of the included files;
  • a pre-processing script that does the same and/or combines multiple PHP files into a single one (Symfony does something similar);

The purpose of such processing is to optimize the script by minimizing its disk access.

Short echo repurposed in newer versions of PHP?

The current documentation does not reflect any change of behaviour of shorthand echo (<?=) since version 5.4.0, in which only the necessary configuration to enable it was changed.

  • http://php.net/manual/en/function.echo.php

PHP echo vs PHP short echo tags

First of all, <?= is not a short open tag, but a shorthand echo, which is the same as <?php echo. And it cannot be disabled. So it's safe to use, in the sense that it is always enabled.

Speaking of safety in terms of security, the output must always be encoded according to the rules of the output medium.

For example, when echoing data inside HTML, it must be html-encoded:

 <?= htmlspecialchars($function_here, ENT_QUOTES) ?>

Or, when echoing data inside JavaScript, it must be JavaScript-encoded:

 <script>var value = <?= json_encode($function_here) ?>;</script>

Or, when it's going to be both HTML and JS, then both encodings must be used:

<?php foreach($links as $label => $url): ?>
<br>
<form method="post">
<button class="my" onclick="<?=htmlspecialchars("window.open(".json_encode($url).")", ENT_QUOTES) ?>">
<?=htmlspecialchars($label, ENT_QUOTES) ?>
</button>
</form>
<?php endforeach ?>

Speaking of short open tags, there is only one, <?, and it's not always enabled (see the short_open_tag directive).

Actually, in the php.ini-production file provided with PHP 5.3.0, they are disabled by default:

$ grep 'short_open' php.ini-production
; short_open_tag
short_open_tag = Off

So, using them in an application you want to distribute might not be a good idea: your application will not work if they are not enabled.

<?php, on the other hand, cannot be disabled -- so, it's safest to use this one, even if it is longer to write.
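
An added example (not code from the answers above) that applies the three encoding rules described under "PHP echo vs PHP short echo tags" to constructed hostile input. The helper names e() and js(), the sample values and the JSON_HEX_* hardening flags are assumptions of this example; JSON_THROW_ON_ERROR needs PHP 7.3 or later.

```php
<?php
// Added example: e(), js() and all sample data are hypothetical names/values.

/** Encode a value for an HTML text node or a quoted HTML attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Encode a value as a JavaScript literal that is safe inside <script>. */
function js($value): string
{
    // The JSON_HEX_* flags turn <, >, &, ' and " into \uXXXX escapes, so the
    // literal cannot close the <script> element or an enclosing attribute.
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Constructed hostile input: each value tries to break out of one context.
$label = '<img src=x onerror=alert(1)>';
$url   = 'https://example.com/?q=");alert(1);//';
$note  = '</script><script>alert(1)</script>';
?>
<!-- HTML text context: HTML-encode only. -->
<p><?= e($label) ?></p>

<!-- JavaScript context: JavaScript-encode only. -->
<script>var note = <?= js($note) ?>;</script>

<!-- JavaScript inside an HTML attribute: JavaScript-encode first, then HTML-encode. -->
<button onclick="<?= e('window.open(' . js($url) . ')') ?>"><?= e($label) ?></button>
```

The order in the last case matters: the browser HTML-decodes the attribute before running it as script, so the HTML encoding has to be the outermost layer.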

PHP Short Open Tag prints 1

Because it returns true. You need to use include_once without the short open tag, so like this:

<?php include_once 'includes/footer.php';?>

When you write an open short tag, like this:

<?= include_once 'includes/footer.php';?>

You actually write this:

<?php echo include_once 'includes/footer.php';?>

Which results in "1" on your screen.

Is <? ... ?> valid shorthand PHP and will it always work?

This shorthand has been available for a very long time, but its use is discouraged (and nowadays disabled by default) because of various incompatibilities with other languages — ambiguity with ASP's ability to accept <? x ?>, and with various XML constructions, are two obvious examples.

Opt not to use it.

By contrast, the <?= x ?> shorthand (equivalent to <?php echo x ?>) has had a resurgence in popularity and is enabled by default since PHP 5.4, because it does not suffer from the same problems.

As always, consult the documentation for canonical information on such things.


