Are PHP short tags acceptable to use?

Question

Here's the information according to the official documentation:

There are four different pairs of opening and closing tags which can be used in PHP. Two of those, <?php ?> and <script language="php"> </script>, are always available. The other two are short tags and ASP style tags, and can be turned on and off from the php.ini configuration file. As such, while some people find short tags and ASP style tags convenient, they are less portable, and generally not recommended.

In my experience most servers do have short tags enabled. Typing

<?=

is far more convenient than typing

<?php echo

The programmers convenience is an important factor, so why are they not recommended?

To answer the `why` part, I'd quote Zend PHP 5 certification guide: "Short tags were, for a time, the standard in the PHP world; however, they do have the major drawback of conflicting with XML headers and, therefore, have somewhat fallen by the wayside." — Fluffy, Apr 13 '11 at 14:40
What's the use case where that issue comes up, does that mean it's a pain for developers to generate XML using PHP? — jrz, Sep 06 '12 at 11:08
Let's say you have XML documents you want public, but you want the documents to be php parseable for whatever reason so you make .xml parseable by your browser. You use short tags so they are turned on, and suddenly the XML document is getting parsed via the XML headers, breaking things. Drove me nuts trying to figure this out long ago. Ever since short codes have been disabled on any server I run and any team I've worked with has had to resort to non short code — thenetimp, Oct 04 '12 at 07:51
If you strictly look at the case for the extra few characters, i would argue there is none, for most people who are browsing this forum, given the typical scenarios they are in. — Rusty75, Dec 15 '12 at 18:12
If the documentation said that these were frowned upon, how come in PHP 5.4.0 they are now always enabled? — Lightness Races in Orbit, Jan 07 '13 at 00:36
I put this at the top of my config: _if (!ini_get('short_open_tag')) { ini_set('short_open_tag', '1') or die("Could not enable PHP Short tags!"); }_ Then if I get the die() error I can search and replace for — miyalys, Feb 26 '13 at 11:08
[From PHP 5.4.0 the short_open_tag directive does not include the short echo tag](http://goo.gl/N6Pyi) **`= $example;?>`**! This is very important as the use of all other short tags is considered futile. Anyway the use of the short echo tag is encouraged from now on. It does provide for a smoother and tidier code-base - esp. in view files. So _for PHP >= 5.4.0_ **`= ?>`** can be used **without setting** `short_open_tag`. Please do not use the other short tags in your code. The code-Gods get very angry when you do so... — Borislav Sabev, Apr 08 '13 at 22:27
I'm going to add this as a quick comment, because there are already far too many long answers: `` is not *only* used in XML for the opening `` declaration; it is the general syntax for "processing instructions", the 2nd most common example being ``. ` — IMSoP, Aug 05 '13 at 18:46
"Not recommended" doesn't mean you can't use it. If you find it makes life better for you, by all means have a blast. Just be aware of the caveats. Of all people, programmers should be comfortable with there being more than one way of doing things. Make it nice when you can. Adapt when prudent. — Jeff Davis, Apr 30 '14 at 18:49
@BorislavSabev - Fun fact: I had a direct hand in convincing the PHP dev team to put `=` into 5.4.0 as always enabled. When writing open source, you have to assume `short_open_tag` is set to 'no', but closed/proprietary source code can be either way. Even before 5.4, I found writing ` — CubicleSoft, Jul 20 '17 at 04:19
@CubicleSoft indeed the major need for `short_open_tag` is coming from legacy systems with messy code. I understand the necessity of using it sometimes but only for legacy systems. I still regard the other short tags an evil that should not be used :) — Borislav Sabev, Jul 23 '17 at 10:19
From [docs](https://www.php.net/manual/en/language.basic-syntax.phpmode.php) `````` This syntax is removed in PHP 7.0.0. — Soul Reaver, Sep 14 '20 at 05:59

score 389 · Accepted Answer · edited May 10 '22 at 13:40

389

There must be a clear distinction between the PHP short tag (<?) and shorthand echo tag (<?=)

The former is prohibited by the PHP Coding standard, mostly out of common sense because it's a PITA if you ever have to move your code to a server where it's not supported (and you can't enable it). As you say, lots of shared hosts do support shorttags but "lots" isn't all of them. If you want to share your scripts, it's best to use the full syntax.

Whereas the shorthand echo tag <?= cannot be disabled and therefore is fully acceptable to use.

I agree that <? is easier on programmers than <?php but it is possible to do a bulk find-and-replace as long as you use the same form each time.

I don't buy readability as a reason at all. Most serious developers have the option of syntax highlighting available to them.

As ThiefMaster mentions in the comments, as of PHP 5.4, <?= ... ?> tags are supported everywhere, regardless of shorttags settings. This should mean they're safe to use in portable code but that does mean there's then a dependency on PHP 5.4+. If you want to support pre-5.4 and can't guarantee shorttags, you'll still need to use <?php echo ... ?>.

Also, you need to know that ASP tags <% , %> , <%= , and script tag are removed from PHP 7. So if you would like to support long-term portable code and would like switching to the most modern tools consider changing that parts of code.

edited May 10 '22 at 13:40

Your Common Sense

156,878
40
214
345

answered Oct 14 '08 at 10:31

Oli

235,628
64
220
299

92

So, explanation is: They are bad because they are not supported? But why are they not supported? Because they are not part of specification? Ok, but why they are not part of specification? I am bit disapointed with this answer. – Josef Sábl Nov 30 '09 at 22:34
62

I'm not here to discuss the "big questions" like why we're here, how did it all begin, etc. Shorttag support is not guaranteed on shared servers and it's being removed completely next major version. That's all you need to know. – Oli Dec 01 '09 at 11:49
49

Short tags are not being phased out. Only ASP style short tags. – Brian Lacy Jun 22 '10 at 16:55
13

there are hosts where mod_rewrite not supported as well. and a friggin ton of other options. Do not recommend them all. Plain HTML rocks! – Your Common Sense Sep 05 '10 at 09:36
6

so they're a terrible pain in the ass, but they can be removed with a bulk find-and-replace? Which is it? – Adriano Varoli Piazza Sep 08 '10 at 19:42
3

That is a pretty poor reason to recommend disabling short tags. If you have your own dedicated server, then you have full control over the php.ini settings, so you can always enable short tags on your server. As for the argument about switching hosting providers, just make sure you switch to a hosting provider that provides short tag support on their servers. I much prefer using short tags over long tags, to keep coding quick & efficient, and to improve code readability. – Bug Magnet Sep 09 '11 at 04:40
46

In the (very near) future of PHP 5.4, use of = will be separated from whether short_open_tags are enabled or disabled. = is not being phased out, quite the opposite it is now considered a fundamental piece of the language. – Mr Griever Jan 12 '12 at 19:07
2

Sorry but this is only an excuse,if so many server don't enable the option make it default. I hope that they'll change they're minds,it's not about if it's possible or not to avoid using short tags,it's about what you get if they're removed: i can live with or without them but why i have to do extra work and be limited if there's no gain? I hope they'll remove THE OPTION to enable/disable them and leave always enabled,like magic_quotes that's been removed(finally after been deactivated by default) – Plokko Apr 18 '12 at 23:05
3

@Oli: Consider mentioning that `=` (but not `` in general) is always supported as of PHP 5.4 right at the beginning of your answer. This question is #4 when googling for *php short open tags* so it's rather important to tell people about this. – ThiefMaster Jul 27 '12 at 11:18
2

That global search and replace mentioned above is actually kind of dangerous if you use DBO prepared statements. Suppose you were checking for rows based on age in a table called list, and accidentally put the space after the question mark instead of before: $dbh->prepare("SELECT * FROM list WHERE age "); A global search/replace would change this to $dbh->prepare("SELECT * FROM list WHERE age – David Stinemetze Jul 08 '15 at 14:56
in 30+ years of web development I have never come across a hoster who didn't already have or wouldn't enable short tags. Getting rid of = will keep a lot of ppl sticking with php6 for much longer – Rid Iculous Jan 10 '17 at 13:37
1

@RidIculous When I wrote this post, I had recently encountered hosts that were blocking short tags (and there is a difference between ` ... ?>` and `= ... ?>`. The latter is supported regardless of the shorttags setting - see the second half of the post) – Oli Jan 10 '17 at 14:05
Actually it'd be advisable to move this part to the top of the answer: "As ThiefMaster mentions in the comments, as of PHP 5.4, = ... ?> tags are supported everywhere, regardless of shorttags settings. This should mean they're safe to use in portable code", to reduce confusion by still starting it with that "They're not recommended because it's a PITA". Esp. as the question even explicitly referred to `=`. – Sz. May 29 '20 at 20:10

score 178 · Answer 2 · answered Oct 14 '08 at 23:14

178

I'm too fond of <?=$whatever?> to let it go. Never had a problem with it. I'll wait until it bites me in the ass. In all seriousness, 85% of (my) clients have access to php.ini in the rare occasion they are turned off. The other 15% use mainstream hosting providers, and virtually all of them have them enabled. I love 'em.

answered Oct 14 '08 at 23:14

Paolo Bergantino

480,997
81
517
436

41

@B Seven If you try to avoid every theoretical problem that could arise, your code will almost definitely be inefficient and buggy. Until the PHP group agrees to phase short tags out [not ASP tags], the worry of being bitten is far less, and the potential solution far simpler, than other things you can spend your time "fixing". – SamGoody Nov 15 '11 at 08:47
18

if it bites you, move to a better hosting – Lie Ryan Jan 10 '13 at 03:43
4

I don't really agree with not using something because it *might* not be supported. Should we not use any of the other features that might not be supported on a server? MYSQL vs MYSQLI? You will waste your time little by little, again and again writing long tags just to avoid a tiny chance of spending a little time to change to a better host. – Dean Or Jun 28 '14 at 21:01
`$whatever = ""` – user3840170 Sep 29 '22 at 09:07

dukeofgaming · Answer 3 · 2016-06-01T04:17:02.780

146

Starting with PHP 5.4, the echo shortcut is a separate issue from short tags, as the echo shortcut will always be enabled. It's a fact now:

So the echo shortcut itself (<?=) is safe to use now.

edited Jun 01 '16 at 04:17

answered May 19 '11 at 20:58

dukeofgaming

3,108
4
28
35

19

I'd say this is the only "short-tag" needed. ` – Xeoncross May 10 '12 at 18:53
6

`So the echo shortcut itself (=) is safe to use` ... as long as you're comfortable requiring PHP 5.4. Widely-distributed PHP apps (like wordpress) don't have the luxury of requiring 5.4, and even continued to offer PHP 4 support up until 2011 -- a full 7 years after PHP 5 was released. If you're at a place like facebook, where all installations of your software are directly operated by the company itself, then requiring 5.4 support is much easier than if you're working on a project like wordpress. – Frank Farmer Sep 13 '12 at 18:01

score 83 · Answer 4 · answered Dec 21 '09 at 23:16

83

The problem with this whole discussion lies in the use of PHP as a templating language. No one is arguing that tags should be used in application source files.

However PHP's embeddable syntax allows it to be used as a powerful template language, and templates should be as simple and readable as possible. Many have found it easier to use a much slower, add-on templating engine like Smarty, but for those purists among us who demand fast rendering and a pure code base, PHP is the only way to write templates.

The ONLY valid argument AGAINST the use of short tags is that they aren't supported on all servers. Comments about conflicts with XML documents are ludicrous, because you probably shouldn't be mixing PHP and XML anyway; and if you are, you should be using PHP to output strings of text. Security should never be an issue, because if you're putting sensitive information like database access credentials inside of template files, well then, you've got bigger issues!

Now then, as to the issue of server support, admittedly one has to be aware of their target platform. If shared hosting is a likely target, then short tags should be avoided. But for many professional developers (such as myself), the client acknowledges (and indeed, depends on the fact) that we will be dictating the server requirements. Often I'm responsible for setting up the server myself.

And we NEVER work with a hosting provider that does not give us absolute control of the server configuration -- in such a case we could count on running to much more trouble than just losing short tag support. It just doesn't happen.

So yes -- I agree that the use of short tags should be carefully weighed. But I also firmly believe that it should ALWAYS be an option, and that a developer who is aware of his environment should feel free to use them.

answered Dec 21 '09 at 23:16

Brian Lacy

18,785
10
55
73

6

If, for some reason, you had apache set up to pass .xml files to mod_php, the – Frank Farmer Jun 11 '10 at 03:43
3

A **templating** language that cannot be embedded without workarounds in some types of output documents is a big fail. The only reason I shouldn't have a XML template with PHP code and short tags is because it doesn't work, not because it doesn't make sense. – Vinko Vrsalovic Nov 02 '10 at 20:03
8

It's not a "big fail" to take advantage of the benefits of PHP as a fast, convenient templating language. As I said before, it's a matter of weighing the benefits and drawbacks and writing code in a manner that accommodates your chosen approach. Don't categorically dismiss a valid approach just because it doesn't work in one particular scenario (which can easily be worked around). – Brian Lacy Nov 04 '10 at 22:32
5

I'm not categorically dismissing any valid approach (see my answer to the question.) You are the one who categorically dismisses PHP in XML, I quote: "you shouldn't be mixing PHP and XML anyway". Also, the big fail I was referring to was the decision to use `` as a short tag, because it leads to ugly workarounds on XML. That said, I agree that it is a matter of weighing benefits and drawbacks, and that if you know what you are doing, you certainly can do it. But this doesn't make `` a good choice. – Vinko Vrsalovic Nov 07 '10 at 00:53
3

I'm a little late to the party, but I really like this answer, and it mirrors my experience with the situation. While we have some disagreement on the issue in our office, I can say that with near daily work in php for many years, I have never run into this being an issue. When PHP is used to generate XML, it has in my experience always been in the context of highly dynamic content, that was never directly templated via PHP, so the issue just never comes up. – redreinard Mar 29 '13 at 23:24
The problem is that your user output isn't escaped properly and the urge to keep the code minimal rather than correct will escasperbate this. If you're already doing more than outputing a value then you might as well add 7 characters. – svandragt Nov 22 '18 at 13:59

Jake McGraw · Answer 5 · 2011-02-05T16:12:58.233

35

Short tags are coming back thanks to Zend Framework pushing the "PHP as a template language" in their default MVC configuration. I don't see what the debate is about, most of the software you will produce during your lifetime will operate on a server you or your company will control. As long as you keep yourself consistent, there shouldn't be any problems.

UPDATE

After doing quite a bit of work with Magento, which uses long form. As a result, I've switched to the long form of:

<?php and <?php echo

over

<? and <?=

Seems like a small amount of work to assure interoperability.

edited Feb 05 '11 at 16:12

answered Oct 21 '08 at 21:45

Jake McGraw

55,558
10
50
63

8

I freelance and all my code goes onto shared hosting, so no control at all! :) – MDCore Oct 22 '08 at 04:01
12

If you have enough clients move to you own coloc, shared hosting is insecure and unstable. – Jake McGraw Nov 06 '08 at 15:57
2

The short tags Zend was bringing back apparently didn't catch as Zend are using the long version: http://framework.zend.com/manual/en/zend.view.scripts.html – Gerry Dec 01 '10 at 06:33
3

@Gerry I have also read this recently, see the last comment on this thread: [Update .htaccess to enable short open tags](http://framework.zend.com/issues/browse/ZF-6343) – MrWhite Feb 04 '11 at 01:56
2

You should really correct the grammar in the first sentence after UPDATE, which makes no sense in its current form. – redreinard Mar 29 '13 at 23:26

score 24 · Answer 6 · answered Oct 14 '08 at 10:24

24

Because the confusion it can generate with XML declarations. Many people agree with you, though.

An additional concern is the pain it'd generate to code everything with short tags only to find out at the end that the final hosting server has them turned off...

answered Oct 14 '08 at 10:24

Vinko Vrsalovic

330,807
53
334
373

Won't the XML declaration cause confusion anyway if short_tags is on? – MDCore Oct 14 '08 at 10:25
So instead of directly outputting the XML declaration, you have PHP echo it. It's not really a good refute. – moo Oct 14 '08 at 22:16
It's not a refutal of anything. It's the only actual reason which in turn is the cause for the other reason "hoster turns it off", of course you can use it if you know what you are doing, as always. – Vinko Vrsalovic Jul 29 '09 at 19:12
Why would PHP be parsing your XML files? This is a bogus argument. – maček Oct 28 '10 at 16:37
@macek: There are many ways it can do so with short tags on. include("a.xml"); is the first that comes to mind. – Vinko Vrsalovic Oct 28 '10 at 21:05
@Vinko Vrsalovic, no, I asked **why** not **how**. – maček Oct 29 '10 at 02:21
@Vinko, that *works* but that's not how you should be outputting a file in the first place; using `include` or `require` will have PHP parse the file. You can use `file() and fread()` or `file_get_contents()` to simply output a file. – maček Oct 29 '10 at 17:45
1

@macek: I'm aware of that. It was just the first example that I thought about. Another, what if you embed PHP in a XML file? You can't do that directly. And don't tell me the solution to that problem as well, I'm aware of them. The point is that there are plenty of ways for PHP to parse a XML file. You can probably dismiss them all with workarounds (`=' – Vinko Vrsalovic Oct 29 '10 at 18:25
@macek: Generating RSS feeds in PHP. Generating any sort of XML data backend in PHP. There's a multitude of reasons to want to generate an XML file in PHP. – Matthew Scharley Nov 03 '10 at 02:48
@Matthew Scharley, this discussion is about *why* you'd parse an XML document; not why you'd generate XML using PHP. I still can't see any reason you'd want to run an XML file through the PHP parser instead of just reading it. – maček Nov 03 '10 at 05:29
@macek: What about serving a simple XML document with a static structure where some of the values are pulled from a database? That would make a good fit for embedding PHP in XML. – Vinko Vrsalovic Nov 07 '10 at 01:00
@vincko: an therefore make .xml files parseable by the php interpreter? bad idea! (didn't watch the date, sorry...) – Christoph Winkler Apr 17 '12 at 07:34
1

how is short tags a pain if they dont work? its is very easy to do a bulk and replace `=` with ` echo `. many text editors can easily handle doing this to thousands of files at once. – Yamiko May 06 '12 at 05:52

score 21 · Answer 7 · edited Mar 23 '18 at 00:31

21

Following is the wonderful flow diagram of the same:

decision making tree of the use of <?=

Source: similiar question on Software Engineering Stack Exchange

edited Mar 23 '18 at 00:31

Pang

9,564
146
81
122

answered Apr 24 '13 at 05:10

Sumoanand

8,835
2
47
46

2

This is describing whether to use the short echo tag, not the same as the `` short tags mentioned in the question (though it used the same config setting pre-5.4) – Alok Jul 26 '13 at 12:45
In fact this should be an answer that everybody can understand, though the circumstances are not really explained why you do not want to use short tags in many cases (e.g. not able to change php.ini file on a shared hosting system) – Björn K Aug 06 '13 at 13:49

score 15 · Answer 8 · answered Aug 16 '11 at 14:51

15

In case anyone's still paying attention to this... As of PHP 5.4.0 Alpha 1 <?= is always available:

http://php.net/releases/NEWS_5_4_0_alpha1.txt

So it looks like short tags are (a) acceptable and (b) here to stay. For now at least...

answered Aug 16 '11 at 14:51

James Alday

873
9
23

7

`=` is not considered a short tag as of 5.4 – T0xicCode Dec 19 '12 at 00:15

score 14 · Answer 9 · answered May 30 '11 at 11:34

http://uk3.php.net/manual/en/language.basic-syntax.phpmode.php has plenty of advice, including:

while some people find short tags and ASP style tags convenient, they are less portable, and generally not recommended.

and

note that if you are embedding PHP within XML or XHTML you will need to use the <?php ?> tags to remain compliant with standards.

and

Using short tags should be avoided when developing applications or libraries that are meant for redistribution, or deployment on PHP servers which are not under your control, because short tags may not be supported on the target server. For portable, redistributable code, be sure not to use short tags.

score 12 · Answer 10 · edited Apr 15 '14 at 12:23

12

Short tags are not turned on by default in some webservers (shared hosts, etc.), so code portability becomes an issue if you need to move to one of these.
Readability may be an issue for some. Many developers may find that <?php catches the eye as a more obvious marker of the beginning of a code block than <? when you scan a file, particularly if you're stuck with a code base with HTML and PHP tightly inter-woven.

edited Apr 15 '14 at 12:23

Peter Mortensen

30,738
21
105
131

answered Oct 14 '08 at 10:25

ConroyP

40,958
16
80
86

2

Short tags are enabled in 95% of webservers. – Paolo Bergantino Oct 16 '08 at 01:31
19

I don't buy the "readability" argument. If you're using PHP as a templating language, `= $var ?>` is much more readable than `` – Frank Farmer Jun 11 '10 at 03:41
2

@Paulo this may have changed since '08 but EC2 Ubuntu and Fedora instances with yum install and apt-get versions of PHP have short-tagging disabled by default – Doug Molineux Jul 21 '11 at 22:40
2

use full tags and you'll have 100% :) – E Ciotti Jan 12 '12 at 01:18
2

@FrankFarmer, I think he's comparing the one without echo. `` vs ` – Pacerier Apr 09 '15 at 10:29

score 11 · Answer 11 · edited Apr 15 '14 at 12:35

11

Note: Starting in PHP 5.4 the short tag, <?=, is now always available.

edited Apr 15 '14 at 12:35

Peter Mortensen

30,738
21
105
131

answered May 30 '12 at 12:14

brunoais

6,258
8
39
59

Daniel Ross · Answer 12 · 2010-07-09T03:04:28.087

I read this page after looking for information on the topic, and I feel that one major issue has not been mentioned: laziness vs. consistency. The "real" tags for PHP are <?php and ?>. Why? I don't really care. Why would you want to use something else when those are clearly for PHP? <% and %> mean ASP to me, and <script ..... means Javascript (in most cases). So for consistency, fast learning, portability, and simplicity, why not stick to the standard?

On the other hand I agree that short tags in templates (and ONLY in templates) seem useful, but the problem is that we've just spent so much time discussing it here, that it would likely take a very long time to have actually wasted that much time typing the extra three characters of "php"!!

While having many options is nice, it's not at all logical and it can cause problems. Imagine if every programming language allowed 4 or more types of tags: Javascript could be <JS or < script .... or <% or <? JS.... would that be helpful? In the case of PHP the parsing order tends to be in favor of allowing these things, but the language is in many other ways not flexible: it throws notices or errors upon the slightest inconsistency, yet short tags are used often. And when short tags are used on a server that doesn't support them, it can take a very long time to figure out what is wrong since no error is given in some cases.

Finally, I don't think that short tags are the problem here: there are only two logical types of PHP code blocks-- 1) regular PHP code, 2) template echoes. For the former, I firmly believe that only <?php and ?> should be allowed just to keep everything consistent and portable. For the latter, the <?=$var?> method is ugly. Why must it be like this? Why not add something much more logical? <?php $var ?> That would not do anything (and only in the most remote possibilities could it conflict with something), and that could easily replace the awkward <?= syntax. Or if that's a problem, perhaps they could use <?php=$var?> instead and not worry about inconsistencies.

At the point where there are 4 options for open and close tags and the random addition of a special "echo" tag, PHP may as well have a "custom open/close tags" flag in php.ini or .htaccess. That way designers can choose the one they like best. But for obvious reasons that's overkill. So why allow 4+ options?

Blackbam · Answer 13 · 2021-04-12T16:33:49.357

5

As of 2019 I disagree with certain answers here. Recommended to use:

1. Long tags

<?php /* code goes here */ ?>

2. Short echo tags

<?= /* code goes here */ ?>

Reason: They are recommended by the PSR-1 basic coding standard

Other short tags like <? /* code goes here */ ?> are not recommended.

The spec says:

PHP code MUST use the long tags or the short-echo tags; it MUST NOT use the other tag variations.

edited Apr 12 '21 at 16:33

answered Sep 02 '19 at 11:04

Blackbam

17,496
26
97
150

score 4 · Answer 14 · edited Apr 15 '14 at 12:34

4

<? is disabled by default in newer versions. You can enable this like described Enabling Short Tags in PHP.

edited Apr 15 '14 at 12:34

Peter Mortensen

30,738
21
105
131

answered Apr 20 '12 at 11:50

AnkTech Devops

51
1
7

It's disabled by default in older versions too isn't it. – Pacerier Apr 09 '15 at 10:33
`` is disabled by default, but `=` has been enabled by default since 5 years ago. – hostingutilities.com Dec 17 '20 at 21:30

score 4 · Answer 15 · edited Apr 15 '14 at 12:26

One situation that is a little different is when developing a CodeIgniter application. CodeIgniter seems to use the shorttags whenever PHP is being used in a template/view, otherwise with models and controllers it always uses the long tags. It's not a hard and fast rule in the framework, but for the most part the framework and a lot of the source from other uses follows this convention.

My two cents? If you never plan on running the code somewhere else, then use them if you want. I'd rather not have to do a massive search and replace when I realize it was a dumb idea.

Manngo · Answer 16 · 2022-09-29T09:16:21.583

I thought it worth mentioning that as of PHP 7:

Short ASP PHP tags <% … %> are gone
Short PHP tabs <? … ?> are still available if short_open_tag is set to true. This is the default.
Since PHP 5.4, Short Print tags <?=… ?> are always enabled, regardless of the short_open_tag setting.

Good riddance to the first one, as it interfered with other languages.

There is now no reason not to use the short print tags, apart from personal preference.

Of course, if you’re writing code to be compatible with legacy versions of PHP 5, you will need to stick to the old rules, but remember that anything before PHP 5.6 is now unsupported.

See: https://secure.php.net/manual/en/language.basic-syntax.phptags.php

Note also the the above reference discourages the second version (<? … ?>) since it may have been disabled:

Note:
As short tags can be disabled it is recommended to only use the normal tags (<?php ?> and <?= ?>) to maximise compatibility.

score 3 · Answer 17 · answered Nov 06 '12 at 21:06

3

It's good to use them when you work with a MVC framework or CMS that have separate view files.
It's fast, less code, not confusing for the designers. Just make sure your server configuration allows using them.

answered Nov 06 '12 at 21:06

Greg

993
7
14

score 3 · Answer 18 · answered Mar 09 '14 at 17:01

One has to ask what the point of using short tags is.

Quicker to type

MDCore said:

<?= is far more convenient than typing <?php echo

Yes, it is. You save having to type 7 characters * X times throughout your scripts.

However, when a script takes an hour, or 10 hours, or more, to design, develop, and write, how relevant is the few seconds of time not typing those 7 chars here and there for the duration of the script?

Compared to the potential for some core, or all, of you scripts not working if short tags are not turned on, or are on but an update or someone changing the ini file/server config stops them working, other potentials.

The small benefit you gain doesn't comes close to outweighing the severity of the potential problems, that is your site not working, or worse, only parts of it not working and thus a headache to resolve.

Easier to read

This depends on familiarity.
I've always seen and used <?php echo. So while <?= is not hard to read, it's not familiar to me and thus not easier to read.

And with front end/back end developer split (as with most companies) would a front end developer working on those templates be more familiar knowing <?= is equal to "PHP open tag and echo"?
I would say most would be more comfortable with the more logical one. That is, a clear PHP open tag and then what is happening "echo" - <?php echo.

Risk assessment
Issue = entire site or core scripts fail to work;

The potential of issue is very low + severity of outcome is very high = high risk

Conclusion

You save a few seconds here and there not having to type a few chars, but risk a lot for it, and also likely lose readability as a result.

Front or back end coders familiar with <?= are more likely to understand <?php echo, as they're standard PHP things - standard <?php open tag and very well known "echo".
(Even front end coders should know "echo" or they simply wont be working on any code served by a framework).

Whereas the reverse is not as likely, someone is not likely to logically deduce that the equals sign on a PHP short tag is "echo".

It has nothing to do with typing. It's shorter and thus has the potential to be easier to **read**. A person used to reading `=` will read `=` more easily than a person used to reading ` — Pacerier, Apr 09 '15 at 10:32
@Pacerier Shorter does not simply = easier to read. We are all different. What you mean is, it's easier to read for *you*. As I put in my answer, as I'm used to ` — James, Apr 09 '15 at 11:27
No I'm not comparing you and me, I'm saying a person used to reading `=` will read `=` better than a person used to reading `= y`. — Pacerier, Apr 11 '15 at 16:43
No you're missing the point. I'm referring to the potential of the system, which has nothing to do with any particular person. You can say people used to typing with qwerty keyboard will type faster with qwerty, whereas people used to typing with dvorak will type faster with dvorak, but the fact doesn't change that the two systems have different potential. — Pacerier, Apr 12 '15 at 14:46

score 3 · Answer 19 · edited Apr 27 '11 at 22:19

3

IMHO people who use short tags often forget to escape whatever they're echoing. It would be nice to have a template engine that escapes by default. I believe Rob A wrote a quick hack to escape short tags in Zend Frameworks apps. If you like short tags because it makes PHP easier to read. Then might Smarty be a better option?

{$myString|escape}

to me that looks better than

<?= htmlspecialchars($myString) ?>

edited Apr 27 '11 at 22:19

Dereleased

9,939
3
35
51

answered Apr 13 '11 at 16:51

Adrian Judd

39
1

10

For most PHP programmers, the second option makes more sense than the first, simply because it is an actual PHP function that we are familiar with, while the first option is pseudo templating code that we have to learn on top of PHP. PHP is already a templating language, adding another templating language on top of it like Smarty is redundant IMO. – Bug Magnet Sep 09 '11 at 04:43
3

Twig is a template engine with html escaping enabled by default http://twig.sensiolabs.org/ – mateusza Jun 10 '12 at 11:03

score 3 · Answer 20 · edited Apr 15 '14 at 12:33

3

To avoid portability issues, start PHP tags with <?php and in case your PHP file is purely PHP, no HTML, you don't need to use the closing tags.

edited Apr 15 '14 at 12:33

Peter Mortensen

30,738
21
105
131

answered May 30 '11 at 11:39

Kumar

5,038
7
39
51

score 2 · Answer 21 · answered Aug 10 '09 at 18:41

Short tags are acceptable to use in cases where you are certain the server will support it and that your developers will understand it.
Many servers do not support it, and many developers will understand it after seeing it once.
I use full tags to ensure portability, since it's really not that bad.

With that said, a friend of mine said this, in support of alternate standardized asp-style tags, like <% rather than <?, which is a setting in php.ini called asp_tags. Here is his reasoning:

... arbitrary conventions should be standardized. That is, any time we are faced with a set of possibilities that are all of equal value - such as what weird punctuation our programming language should use to demarcate itself - we should pick one standard way and stick with it. That way we reduce the learning curve of all languages (or whatever the things the convention pertains to).

Sounds good to me, but I don't think any of us can circle the wagons around this cause. In the meantime, I would stick to the full <?php.

score 2 · Answer 22 · edited Apr 15 '14 at 12:30

2

Let's face it. PHP is ugly as hell without short tags.

You can enable them in a .htaccess file if you can't get to the php.ini:

php_flag short_open_tag on

edited Apr 15 '14 at 12:30

Peter Mortensen

30,738
21
105
131

answered Nov 08 '09 at 19:46

Jimmer

61
1
1

4

False. Sometimes, server is set to deny any kind of overriding, sir. – Alfabravo Mar 19 '10 at 12:05
18

True, but if your host doesn't allow you to override with htaccess, you really need a new host! :) – Brian Lacy Jun 22 '10 at 16:57
1

does not work on command line interface, and php_flag not supported all the time – E Ciotti Jan 12 '12 at 01:20

score 1 · Answer 23 · edited Apr 15 '14 at 12:29

1

If you care about XSS then you should use <?= htmlspecialchars(…) ?> most of the time, so a short tag doesn't make a big difference.

Even if you shorten echo htmlspecialchars() to h(), it's still a problem that you have to remember to add it almost every time (and trying to keep track which data is pre-escaped, which is unescaped-but-harmless only makes mistakes more likely).

I use a templating engine that is secure by default and writes <?php tags for me.

edited Apr 15 '14 at 12:29

Peter Mortensen

30,738
21
105
131

answered Oct 21 '08 at 21:27

Kornel

97,764
37
219
309

7

If you find yourself typing " 500 times a day, you might want to create a shortcut function named "h" like Rails has.. "= h($text) ?>" is just so much more readable when scanning a template. – Alexander Malfait Jul 26 '09 at 12:21
1

It is better indeed, but with a template engine it may be simply ${text} or such (and you don't have to remember to add h()) – Kornel Jul 26 '09 at 21:41
7

PHP itself is a templating engine. When you stop using short tags it starts to be bad templating engine as it becomes too verbose. – Josef Sábl Jul 12 '10 at 14:21
1

@Alexander Malfait that's a good tip. But the = is not needed. You can just make the function echo the string instead of return, so then you'd write Don't we already do that when we de i18n? is not that bad. – VladFr Nov 30 '10 at 17:15

score 1 · Answer 24 · edited Mar 20 '19 at 06:38

Short tag are alwayes available in php. So you do not need echo the first statement in your script

example:

    $a =10;
    <?= $a;//10 
    echo "Hellow";//
    echo "Hellow";

   ?>

Suddenly you need to use for a single php script then u can use it. example:

<html>
<head>
<title></title>
</head>  
<body>
<p>hellow everybody<?= hi;?></p>
<p>hellow everybody  </p> 
<p>hellow everybody  </p>   
</body>
</html>

score 1 · Answer 25 · edited Sep 21 '19 at 18:57

1

3 tags are available in php:

long-form tag that <?php ?> no need to directive any configured
short_open_tag that <? ?> available if short_open_tag option in php.ini is on
shorten tag <?= since php 5.4.0 it is always available

from php 7.0.0 asp and script tag are removed

edited Sep 21 '19 at 18:57

MaartenDev

5,631
5
21
33

answered Sep 21 '19 at 18:35

GaziAnis

49
6

That doesn't answer the question. – RalfFriedl Sep 21 '19 at 19:03
Weren't these facts already provided by earlier answers? – mickmackusa Apr 08 '23 at 08:42

score 0 · Answer 26 · answered Oct 14 '15 at 01:16

<?php ?> are much better to use since developers of this programming language has massively updated their core-language. You can see the difference between the short tags and long tags.

Short tags will be highlighted as light red while the longer ones are highlighted darker!

However, echoing something out, for example: <?=$variable;?> is fine. But prefer the longer tags. <?php echo $variable;?>

score 0 · Answer 27 · answered Nov 29 '15 at 06:12

Convert <? (without a trailing space) to <?php (with a trailing space):

find . -name "*.php" -print0 | xargs -0 perl -pi -e 's/<\?(?!php|=|xml|mso| )/<\?php /g'

Convert <? (with a trailing space) to <?php (retaining the trailing space):

find . -name "*.php" -print0 | xargs -0 perl -pi -e 's/<\? /<\?php /g'

score -5 · Answer 28 · edited Apr 29 '13 at 12:39

-5

No, and they're being phased out by PHP 6 so if you appreciate code longevity, simply don't use them or the <% ... %> tags.

edited Apr 29 '13 at 12:39

user229044

232,980
40
330
338

answered Oct 16 '08 at 01:19

coderGeek

579
2
3

4

I've seen other blog posts that say they're not going to be deprecated, just the ASP style short tags. – MDCore Oct 16 '08 at 10:18
1

They're phasing out "short open tags" (thankfully) ?>, I'm not sure if that includes = ?> (i hope it doesn't) – enobrev Dec 05 '08 at 20:41
23

It looks like this answer is incorrect, according to this link from the PHP Developers meeting: http://www.php.net/~derick/meeting-notes.html#remove-support-for-and-script-language-php-and-add-php-var – Charles Nov 04 '09 at 20:59
7

WHY are they so bad, whyyy? Everybody is so self confident that they are baaaaaad but nobody says why. – Josef Sábl Nov 30 '09 at 22:37
@Josef - short tags are also XML processing instructions, so mixing PHP with XML or XHTML Strict can get a little weird. I'd say more quirky than bad, but yelling at PHP is popular. – tadamson Jul 09 '10 at 03:20
If you are running/controlling your own server, then I don't see any problem with using ?> in PHP, except when dealing with XML documents which use tags. But there are easy ways around this, such as using echo '';. I honestly don't understand why people make such a big deal out of short tags. – Bug Magnet Aug 02 '10 at 02:22
6

FALSE. They are phasing out <% %> tags, as indeed they should. They serve no purpose but to confuse. The ?> tags will not be affected; but of course they are still configurable on a per-server basis, and you should always be aware of your target platform's requirements. – Brian Lacy Nov 08 '10 at 16:52
6

This information appears to be incorrect and misleading, and it should be corrected by the author. – tex Feb 25 '11 at 09:17

Are PHP short tags acceptable to use?

28 Answers28

Linked

Related