PHP echo vs PHP short echo tags
Solution 1
<? and <?= are called short open tags, and are not always enabled (see the short_open_tag directive) with PHP 5.3 or below (but since PHP 5.4.0, <?= is always available).
Actually, in the php.ini-production file provided with PHP 5.3.0, they are disabled by default:
$ grep 'short_open' php.ini-production
; short_open_tag
short_open_tag = Off
So, using them in an application you want to distribute might not be a good idea: your application will not work if they are not enabled.
<?php, on the other side, cannot be disabled -- so, it's safest to use this one, even if it is longer to write.
Except the fact that short open tags are not necessarily enabled, I don't think there is much of a difference.
Solution 2
Echo is generally just better to use because...
- It supports good programming style.
- It can't be turned off in php.ini (short tags can be)
Short tags will be removed in PHP 6)
But, they are generally the same. See also:
Solution 3
http://php.net/manual/en/language.basic-syntax.phpmode.php states:
Starting with PHP 5.4, short echo tag is always recognized and valid, regardless of the
short_open_tagsetting.
short_open_tag Off or On doesn't matter anymore.
So now you can, without concern, put tags like this in your templates:
<?= (($test) ? "val1" : "val2") ?>
It is official now, the "short echo tag" is something very different than the "short tag".
Solution 4
Apart from the whole semi-religious debate on whether or not using short tags are a good idea and whether or not it should be considered deprecated, the original question was on how safe or unsafe they are to use.
Simply put, if you use short tags on a server that doesn't support them, parts of your PHP code may be exposed which can be considered a security vulnerability.
Solution 5
Just to add another source of PSR: http://www.php-fig.org/psr/psr-1/
PHP code MUST use the long tags or the short-echo tags; it MUST NOT use the other tag variations.
specifying:
<?php ?> and <?= ?>
homework
Updated on July 18, 2020Comments
-
homework almost 4 years
Are they equal in safeness? I was informed that using
<?=$function_here?>was less safe, and that it slows down page load times. I am strictly biased to using echo.
What are the advantages/disadvantages?
-
mpen over 14 yearswhat?! 6 is removing them? lame-sauce! if i'm in charge of the server i don't care about portability.
<?=is so much nicer than<?php echo -
mauris over 14 years@Mark - it's more standardized for all to use <?php ?>, instead of one programmer using <% %>, the other using <%= %>, and another one <? ?> and they don't know they all speak the same language.
-
mauris over 14 yearsWorse of all: <script language="php"> ... </script>
-
DGM over 14 yearsThe php community's aversion to short tags just baffles me; removing them altogether n php6 is just final proof to me that the php design team are nuts. <?= $foo ?> is so much cleaner in a template than <?php echo $foo; ?>
-
Your Common Sense about 14 yearsphp6 reason is just not true -
keyle almost 14 yearsyeah apparently php6 will lose the asp notation: "<%". Not all short-tags. So "<?" is still valid and reason "3" above is false.
-
Gordon over 13 yearsPHP6 or whatever the next version will be called will NOT remove short-open-tags. If anything they will be disabled by default. -
Slawek over 12 yearsMaybe using GD or CURL or PHP at all is not a good idea too, because they're external modules and can be turned off on some lame shared hosting providers? It's complete BS they're almost always turned ON.
-
Pascal MARTIN over 12 yearsConsidering they are turned off in the default production configuration, I think they'll be turned on less and less often ;; considering that not using them is simple/easy... well, you are of course free of using whatever syntax you want, I just hope for you that you will not have to deploy your application on a server that has the default configuration for this directive ;-)
-
Slawek over 12 yearsDefault configuration for PHP, mysql and apache isn't suitable for production usage and we all know it :) You're only advocating writing unreadable code... because of what? One server out of 40 may not support short tags? :) ... Beside This directive also affected the shorthand <?= before PHP 5.4.0, which is identical to <? echo. Use of this shortcut required short_open_tag to be on. Since PHP 5.4.0, <?= is always available.
-
Pascal MARTIN over 12 yearsI unfortunately don't have numbers to back up my theory, but I wouldn't take the 1/40 chance on this point (and, in fact, I am not -- and I work in a company in which we configure our servers ourselves, and do not depend on an external hosting service) ;; I should add that PHP 5.4 is not released (yet -- it should be in a few days/weeks), and it will takes months to be installed on 1/40 servers out there (not to mention the time it'll take to have it installed on 50% of them... )
-
Blouarf about 9 yearsshort echo tag CANNOT be turned off in the php.ini. And it was supported by Rasmus himself.
-
Sean the Bean almost 7 yearsThank you @keyle for that clarification! :)
-
Scott C Wilson almost 2 yearsThis is the correct modern answer. Some of the older answers are confusing short tags (which can be turned off and are deprecated) with short echo tags (which cannot be turned off).
