Learn More
Resend Email
9
anolis
5y

Hello, one of the other devs on my team insists that using:

<?=$myVar?>

In a template is super dangerous but:

<?php echo $myVar?>

Is safer.

Why? Is this valid in PHP 7.3?

question

security

php7

php
Favorite
Ranter
Comments
  • 7
    5y
    I dont see any reason, its just a shorthand syntax..
  • 5
    5y
    Not really dangerous, he is probably confused. But this is enabled on the language since version 5.6 I think(or 5.4) regardless of your ini files.

    Its safe to use.
  • 2
    5y
    I guess its not 'super dangerous' per se , but might not work in different devices
  • 11
    5y
    @StopWastingTime It's backend code.
  • 1
    5y
    It works why not use it?
    It's just a shorthand, it makes code more readable
  • 4
    5y
    It's literally the exact same thing. Even the implementation.
  • 4
    5y
    "<?=" *used* to be optionally enabled in earlier PHP versions (5.4 and earlier IIRC), so it *could* be a more dangerous then as, if misconfigured, you could just start spewing out raw server side PHP code. That's not generally considered a great thing.

    These days they're identical however. Your other dev is probably just using a "legacy" mindset.
  • 1
    5y
    "PHP includes a short echo tag <?= which is a short-hand to the more verbose <?php echo. "

    https://php.net/manual/en/...

    <?php is not the same as <?=

    In worst case you echo your code instead of executing it

    Edit: Migraine. Brain faulty. Oooopsie doopsie
  • 1
    5y
    @gronostaj ohh right. Then if it works on one's server , then one should go for it (Btw am just starting to learn backend designing using php)
  • 1
    5y
    @naphetz It's permanently enabled since PHP 5.4. https://softwareengineering.stackexchange.com/...
  • 0
    5y
    Eeewwww
  • 0
    5y
    Not sure, but it's ugly either way.
  • 3
    5y
    You should insist that you all should use a templating engine like Latte or Twig to not argue about such things. :D
  • 1
    5y
    As long as the .ini file has short open tags enabled, then whatever, I personally disable it.

    It's not a big jump
    From <?= to start using alternative syntax but whatever, each to their own after all.
  • 1
    5y
    @C0D4 <?= is independent from short tags, it's always enabled.
  • 3
    5y
    @gronostaj wait a minute
    🧢
    *research cap on* 🤔

    Note:
    This directive also affected the shorthand <?= before PHP 5.4.0, which is identical to <? echo. Use of this shortcut required short_open_tag to be on. Since PHP 5.4.0, <?= is always available.

    Well, there you go, it's been that long since I've used it, someone turned it on by default.
Related Rants
devRant © 2021 Hexical Labs LLC
Privacy Policy  |  Terms of Service
Add Comment