Which of this is best to concatenate a variable

Hello house,
I have always written my codes using curly bracket to join variables as it makes it simple and easy for me but am thinking it my be removed or give issues in future versions of php.
example.

$data = "This is where you show {$_POST['road']} and is better to {$_POST['read']} and click <a href='{$_POST['linkway']}'>HERE</a>

If am to write it using concatenation it will look confusing example.

$data = "This is where you show $_POST['road']". and is better to".$_POST['read'] and click <a href='".$_POST['linkway'].">HERE</a>

Please which among the two ways is better, secured to use and can stay to many newer version of php?
Thanks

Putting php variables inside of a double-quoted string isn’t going to be removed.

A fun fact: when php parses your first example, the byte-code it produces is exactly the same as your second example (you are missing some " and . in it BTW.)

Security is up to the context the values are being used in.

1 Like

thats just why i prefer the first one, it makes code neat and understandable especially when you have to do with double quotes and single quotes in one line

good to know, i will code that way all long, rather than the second confusing example

I have always suggested the first method.

The second one is more prone to error especially if you don’t have a good IDE with syntax highlighting and “harder” to read and write.

1 Like

In this context, I would be careful about $_POST data directly in a string. Though it depends upon what happens to that string. If it were to be printed to a web page I would probably want to run htmlspecialchars() on it.
Though that may be done to the string post concatenation.

1 Like

Yes exactly thats the only way method two can be useful as you can’t use other functions inside like this

$data = "htmlspecialchars($_POST['test'])";

echo $data;

So what i normally do is sanitize the post variable outside and then use it inside my curly bracket.
example

$postdata = htmlspecialchars ($_POST['test']);
$data = "<a href='{$postdata}'> This is the link</a>";
echo $data;

All worst come to worst i can just add up my data and then use htmlspecialchar() when echoing it out. example


$data = "<a href='{$_POST['test']}'> This is the link</a>";
echo htmlspecialchar ($data);

I avoid putting text in full quotes as the string will be parsed and there is no need to have php do that. I put text in single quotes and variables without or outside quotes.

$data = 'This is where you show '.$_POST['road'].' and is better to '.$_POST['read'].' and click <a href="'.$_POST['linkway'].'">HERE</a>';

BUT I would not write a string with $_POST variables in them as they are not always set. I mean why write coding that can throw errors? If $_POST variables are to echoed to the screen then I set variables to be used that can be echoed regardless of $_POST state.

$road = (!empty($_POST['road']) ? $_POST['road'] : '');
$read = (!empty($_POST['read']) ? $_POST['read'] : '');
$linkway = (!empty($_POST['linkway']) ? $_POST['linkway'] : '');

And again echoing outside of quotes.

$data = 'This is where you show '.$road.' and is better to '.$read.' and click <a href="'.$linkway.'">HERE</a>';

If you wish to run some checks on $_POST values you can to that when setting the variables.

$road = (!empty($_POST['road']) ? htmlspecialchar($_POST['road']) : '');
$read = (!empty($_POST['read']) ? htmlspecialchar($_POST['read']) : '');
$linkway = (!empty($_POST['linkway']) ? htmlspecialchar($_POST['linkway']) : '');
1 Like

I think am the only one over using !empty() for all my variables including post variables and data from database query, even if i knew the column was there. but at some point I begin to feel am giving the server alot to deal with in the if statement but it does help me out or unnecessary variable not defined errors.

I always write like you instructed but in the example i wrote above i did it just for the sake of concatenation question i asked.

And thanks for confirming nothing wrong with checking my variables using to know if set or not.

This isn’t going to work* as it will encode the HTML already in the string.

*Unless you were producing something like an HTML tutorial where you want to show HTML code on the page.

yes you are right, href will be stripped off