SitePoint Sponsor

User Tag List

View Poll Results: Do you use short tags

Voters
55. You may not vote on this poll
  • Yes

    10 18.18%
  • No

    45 81.82%
Page 1 of 3 123 LastLast
Results 1 to 25 of 56
  1. #1
    Theoretical Physics Student bronze trophy Jake Arkinstall's Avatar
    Join Date
    May 2006
    Location
    Lancaster University, UK
    Posts
    7,062
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    Short tags / Standard tags

    Ok, theres an argument between me and Kieran.in about short tags.

    Let's resolve it!
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes its enough to make that wheel more rounded"-Molona

  2. #2
    ✯✯✯ silver trophybronze trophy php_daemon's Avatar
    Join Date
    Mar 2006
    Posts
    5,284
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Standard. Simple fact is that short tags will result in your source code exposion if they are turned off. And that's a serious security issue.
    Saul

  3. #3
    Theoretical Physics Student bronze trophy Jake Arkinstall's Avatar
    Join Date
    May 2006
    Location
    Lancaster University, UK
    Posts
    7,062
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    But the point is, why would they get turned off?
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes its enough to make that wheel more rounded"-Molona

  4. #4
    ✯✯✯ silver trophybronze trophy php_daemon's Avatar
    Join Date
    Mar 2006
    Posts
    5,284
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Why do people do stuff? Why do things happen? They just do and I don't wanna take any chances. Picture a very common scenario: host provider updates php on the server and overrides the short tags setting, it indicates a terrible support but you bet they do it, I have clients who experience it quite often. And I don't know about you, but I don't want my code exposed like that just because I didn't add three extra letters.
    Saul

  5. #5
    SitePoint Wizard cranial-bore's Avatar
    Join Date
    Jan 2002
    Location
    Australia
    Posts
    2,634
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    ; Allow the <? tag. Otherwise, only <?php and <script> tags are recognized.
    ; NOTE: Using short tags should be avoided when developing applications or
    ; libraries that are meant for redistribution, or deployment on PHP
    ; servers which are not under your control, because short tags may not
    ; be supported on the target server. For portable, redistributable code,
    ; be sure not to use short tags.
    ...from the php.ini file that accompanies PHP5.2.4

    Yes, is most cases web hosts do turn short tags on. Occasionally they may be off. Sometimes, someone will run code using short tags where they shouldn't. As php_daemon said this will break the site and can be a security issue.

    Why cater for the probable and usual situations?
    Why not write more robust code?
    Why not get into the habit of writing more reliable code instead of trying to save a second here and there?

    Short tags are a false economy IMO.

    It's also common practice to test that a DB connection was successful before using it. The database will almost always be up, but we still write code that caters for the situation when it's down.
    Ajax transactions usually work, but sometimes they fail. We should write code that can handle those situations and not lose data or bugger up the user experience.

  6. #6
    SitePoint Wizard silver trophy kyberfabrikken's Avatar
    Join Date
    Jun 2004
    Location
    Copenhagen, Denmark
    Posts
    6,157
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If I recall correctly, short tags are invalid XML. So you can't parse a PHP sourcefile with an XML parser, if it uses short tags.

  7. #7
    SitePoint Wizard wheeler's Avatar
    Join Date
    Mar 2006
    Location
    Gold Coast, Australia
    Posts
    1,369
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i'd called that solved - i'm in complete agreement... don't be lazy.
    Studiotime - Time Management for Web Developers
    to-do's, messages, invoicing, reporting - 30 day free trial!
    Thomas Multimedia Web Development

  8. #8
    SitePoint Guru
    Join Date
    Jun 2004
    Location
    Finland
    Posts
    703
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by kyberfabrikken View Post
    If I recall correctly, short tags are invalid XML. So you can't parse a PHP sourcefile with an XML parser, if it uses short tags.
    Although true, the more common reason is that you have something like:

    Code:
    <?xml version="1.0" encoding="utf-8"?>
    <?php echo "<root />" ?>
    Running it with short_open_tag=1 will result in a parse error because

    Code:
    xml version="1.0" encoding="utf-8"
    is not valid PHP.

    Code:
    Parse error: syntax error, unexpected T_STRING in generatexml.php on line 1
    Also, even if it was valid PHP, it wouldn't be printed out which would result in broken XML.

  9. #9
    We're from teh basements.
    Join Date
    Apr 2007
    Posts
    1,205
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by php_daemon View Post
    just because I didn't add three extra letters.
    Eight extra characters, actually.

    PHP Code:
    <?=$someVar?>

    <?php echo $someVar?>
    If you're using short tags only in your templates, you're not exposing anything useful. The only thing you expose is where the variables get inserted.

    SomeClass.php

    PHP Code:
    <?php

    class SomeClass {

    private 
    $someVar1;
    private 
    $someVar2;

    public function 
    show() {
    // put all of your proprietary code here, then call the template
    ob_start();
    include(
    'SomeClass.show.php');
    return 
    ob_get_clean();
    // end func

    // end class

    ?>
    SomeClass.show.php:

    PHP Code:
    <h1>This Here's a Template</h1>
    <p>Blah blah blah <?=$this->someVar1?> blah blah blah <?=$this->someVar2?> blah blah blah....</p>

  10. #10
    Theoretical Physics Student bronze trophy Jake Arkinstall's Avatar
    Join Date
    May 2006
    Location
    Lancaster University, UK
    Posts
    7,062
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    did you vote ?

    Anyway, I cant really stick up for short-tags myself, I am just used to using them.

    The template idea - good for basic templating systems. When you want to go down the template-parsing method, it's better not to put PHP in templates at all.

    I suppose, by the poll, I should start using long-tags then
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes its enough to make that wheel more rounded"-Molona

  11. #11
    We're from teh basements.
    Join Date
    Apr 2007
    Posts
    1,205
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by arkinstall View Post
    did you vote ?
    Oops! I didn't until you mentioned it.

    Quote Originally Posted by arkinstall View Post
    The template idea - good for basic templating systems. When you want to go down the template-parsing method, it's better not to put PHP in templates at all.
    How do you propose getting the data from PHP into your template then? Correct me if I'm wrong, but the reason PHP has constructs like these in the first place is for templating:

    PHP Code:
    <?if ($logged_in): ?>
    <h1>Welcome, Member!</h1>
    <p>Here's all the secret stuff that only members can see.</p>
    <?else: ?>
    <h1>Forbidden</h1>
    <p>Sorry, we don't know you. Take a hike.</p>
    <?endif; ?>
    and:

    PHP Code:
    <?foreach ($result as $row): ?>
    <tr>
    <td><?=$row['field1']; ?></td>
    <td><?=$row['field2']; ?></td>
    <td><?=$row['field3']; ?></td>
    </tr>
    <?endforeach; ?>
    What are we exposing here? The same "$result", "$row", and other variable names that everyone uses. The field names might give someone a clue about your database table structure, but you can use aliases in your queries to resolve that.

  12. #12
    ✯✯✯ silver trophybronze trophy php_daemon's Avatar
    Join Date
    Mar 2006
    Posts
    5,284
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by World Wide Weird View Post
    Eight extra characters, actually.

    PHP Code:
    <?=$someVar?>

    <?php echo $someVar?>
    If you're using short tags only in your templates, you're not exposing anything useful. The only thing you expose is where the variables get inserted.

    SomeClass.php

    PHP Code:
    <?php

    class SomeClass {

    private 
    $someVar1;
    private 
    $someVar2;

    public function 
    show() {
    // put all of your proprietary code here, then call the template
    ob_start();
    include(
    'SomeClass.show.php');
    return 
    ob_get_clean();
    // end func

    // end class

    ?>
    SomeClass.show.php:

    PHP Code:
    <h1>This Here's a Template</h1>
    <p>Blah blah blah <?=$this->someVar1?> blah blah blah <?=$this->someVar2?> blah blah blah....</p>
    That's the only practical use based on the fact that you use php as a template engine. However, that doesn't change the fact that the availability of your app is totally dependant on non-recommended, off by default configuration settings.
    Saul

  13. #13
    Theoretical Physics Student bronze trophy Jake Arkinstall's Avatar
    Join Date
    May 2006
    Location
    Lancaster University, UK
    Posts
    7,062
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Actually, I do it like this.

    I made a template class, which parses html like this:
    Code:
    <h1>[loggedin_title]</h1>
    <p>[loggedin_message]</p>
    and does this:
    PHP Code:
    $title = (($logged_in == true) ? "Welcome, member" "Forbidden");
    $message = (($logged_in == true) ? "Here's all the secret stuff that only members can see" "Sorry, we don't know you. Take a hike.")
    $content str_replace(array("[loggedin_title]""[loggedin_message]"), array($title$message)); 
    That's only the very basic part of it. I actually use modules, storing their classes in an array of a static factory class, but you get my point.
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes its enough to make that wheel more rounded"-Molona

  14. #14
    We're from teh basements.
    Join Date
    Apr 2007
    Posts
    1,205
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by php_daemon View Post
    That's the only practical use based on the fact that you use php as a template engine. However, that doesn't change the fact that the availability of your app is totally dependant on non-recommended, off by default configuration settings.
    As I've said elsewhere, I've never encountered a server where short open tags were turned off. And if I ever did, I'd just turn them on in my .htaccess file. The point of whether the sysadmin would allow me to do so is moot. If a hosting company isn't willing to accommodate such a simple request, then they're probably going to be worthless when it comes to other requests such as installing an extension my application depends on, adding custom entries to the magic.mime file, increasing the upload size limit so my visitors can upload videos, etc. In that case, I'll just find a hosting company that isn't afraid to make a buck.

  15. #15
    We're from teh basements.
    Join Date
    Apr 2007
    Posts
    1,205
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by arkinstall View Post
    Actually, I do it like this.

    I made a template class, which parses html like this:
    Code:
    <h1>[loggedin_title]</h1>
    <p>[loggedin_message]</p>
    and does this:
    PHP Code:
    $title = (($logged_in == true) ? "Welcome, member" "Forbidden");
    $message = (($logged_in == true) ? "Here's all the secret stuff that only members can see" "Sorry, we don't know you. Take a hike.")
    $content str_replace(array("[loggedin_title]""[loggedin_message]"), array($title$message)); 
    That's only the very basic part of it. I actually use modules, storing their classes in an array of a static factory class, but you get my point.
    Yes, I see where you're coming from, and, in my opinion, given that PHP already has an extremely elegant and useful template syntax built in, such script-parsed systems are a waste of time, in terms of both labor and processing overhead.

  16. #16
    ✯✯✯ silver trophybronze trophy php_daemon's Avatar
    Join Date
    Mar 2006
    Posts
    5,284
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    If you're willing to take the risk, it's up to you. But normally I'd never rely on a functionality of a platform who's developers mark it as "not recommended".
    Saul

  17. #17
    Theoretical Physics Student bronze trophy Jake Arkinstall's Avatar
    Join Date
    May 2006
    Location
    Lancaster University, UK
    Posts
    7,062
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    @WWW - Well said.

    I have never come across a short-tag disabled server - EVER. And I don't see how an XML structure could be hard - it isn't hard to do this:
    PHP Code:
    <? echo '<?xml version="1.0" encoding="utf-8"?>'?>
    I'm getting torn between them - Whilst I do agree that short tags are hypothetically less portable (hypothetically because hardly any servers have it disabled), I also agree that they are very useful.

    I think my choice of using them is purely down to habit to be honest - and I know that there are alot of people (obviously shy to voting, lol) who use it on these forums.
    Jake Arkinstall
    "Sometimes you don't need to reinvent the wheel;
    Sometimes its enough to make that wheel more rounded"-Molona

  18. #18
    We're from teh basements.
    Join Date
    Apr 2007
    Posts
    1,205
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by php_daemon View Post
    If you're willing to take the risk, it's up to you. But normally I'd never rely on a functionality of a platform who's developers mark it as "not recommended".
    What are the "risks", other than the aforementioned fact that one's application may not be portable to the as-yet-unencountered odd machine that has them turned off? I don't see anything in my php.ini file that suggests there may be a security risk, other than the risk you mentioned of exposing your code if they're turned off. Just a simple note advising the developer that such an incompatibility might potentially exist. In fact, the standard binary distribution I'm using on this box had them turned on when I installed it. It's hard to believe they would distribute it that way if the use of short tags isn't recommended.

    Quote Originally Posted by php.ini
    ; Allow the <? tag. Otherwise, only <?php and <script> tags are recognized.
    ; NOTE: Using short tags should be avoided when developing applications or
    ; libraries that are meant for redistribution, or deployment on PHP
    ; servers which are not under your control, because short tags may not
    ; be supported on the target server. For portable, redistributable code,
    ; be sure not to use short tags.
    short_open_tag = On

  19. #19
    We're from teh basements.
    Join Date
    Apr 2007
    Posts
    1,205
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by arkinstall View Post
    And I don't see how an XML structure could be hard - it isn't hard to do this:
    PHP Code:
    <? echo '<?xml version="1.0" encoding="utf-8"?>'?>
    Exactly. Or, as I said, know where to use them and where not to use them. It's common sense not to use them in a file that is meant to be parsed by an XML parser, or in an XML file to be parsed by PHP, where a processing instruction requires the name of the implementation.

  20. #20
    Floridiot joebert's Avatar
    Join Date
    Mar 2004
    Location
    Kenneth City, FL
    Posts
    823
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I quit using short_open_tags after the first time I had an XML document handled as PHP.

  21. #21
    SitePoint Enthusiast
    Join Date
    Nov 2007
    Posts
    41
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    using short tags is bad practice i suggest normal <?php

  22. #22
    SitePoint Enthusiast
    Join Date
    Nov 2007
    Posts
    41
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    ooops sorry if i have to post again but admit it or not we all use short tags
    but if im going to upload it on my live server i really make it a point that i will change this <? to <?php

    specially noobies they dont know the diff between the two

  23. #23
    Floridiot joebert's Avatar
    Join Date
    Mar 2004
    Location
    Kenneth City, FL
    Posts
    823
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    admit it or not we all use short tags
    If you want to consider running an application that uses them on the server us using them, maybe.

    But when it comes to writing an application, you're wrong pal.
    It's been at the very least a year since I've used a short open tag.

  24. #24
    SitePoint Wizard wheeler's Avatar
    Join Date
    Mar 2006
    Location
    Gold Coast, Australia
    Posts
    1,369
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    if its really so difficult to type <?php echo $something; ?> perhaps people should look into an IDE upgrade. For example in dreamweaver you can press Ctrl E and that will insert an echo statement. That's two key downs instead of 3
    Studiotime - Time Management for Web Developers
    to-do's, messages, invoicing, reporting - 30 day free trial!
    Thomas Multimedia Web Development

  25. #25
    Team SitePoint santouras's Avatar
    Join Date
    Jul 2006
    Location
    planet earth
    Posts
    276
    Mentioned
    16 Post(s)
    Tagged
    0 Thread(s)
    I've never used short tags. Portability is very important, which is why I use as many abstractions as possible. DB's, Session handling, caching, everything that can be abstracted. Using short tags is just another issue that can affect portability, and if you can't be bothered to type the php after the <? then thats pretty bad imo :P
    my utility belt tells me its to the bar batman

    read the manual then google it then do a search THEN post....


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •