3

OK, I hate doing something for no reason, especially if it appears to be the stupidest thing I've ever seen, so here goes:

I'm encountering a codebase where the PHP files start with <?php, but don't end with ?>

I have not seen any documentation on why, but apparently this has something to do with "security".

Can someone enlighten me as to why I would break with common sense and leave out the closing PHP tag at the bottom of a file?

Samuel Fullman
  • 1,262
  • 1
  • 15
  • 20
  • 1
    I don't think this has to do with security. Only thing I can think of is preventing trailing spaces at the end of the document. I also hate it and think this is bad practice. In my opinion it should be changed in future versions to give a notice or syntax error. – nl-x Jun 24 '14 at 11:06

2 Answers2

2

The documentation states:

If a file is pure PHP code, it is preferable to omit the PHP closing tag at the end of the file. This prevents accidental whitespace or new lines being added after the PHP closing tag, which may cause unwanted effects because PHP will start output buffering when there is no intention from the programmer to send any output at that point in the script.

It has nothing to do with "security". It has something to do with functions whose behaviour depends on whether output has already been sent to the client or not. The best example is the function header(). It is meant for manipulating the HTTP response headers. This function will work only before any output has been send - as in HTTP there headers cannot being sent after the body.

Let's get back to the nature of PHP. It is a scripting language which can be embedded into other documents, like HTML:

<html>
  <head><title><?php echo $title; ?></title></head>
  <body><?php echo $body; ?></body>
</html>

When embedded into other documents PHP's output will be inserted into the document, leaving the original document as-is, meaning just sending it's literal content to the client.

When you have a class file, for example:

<?php

class Foo {

}

?><whitespace>...
<newline>
<newline>

... you are closing the PHP tag and have two forgotten spaces and new lines in the file. PHP would send those spaces and new lines to the client, meaning a function like header() wouldn't work anymore. This simply a text document with embedded PHP code. (Unlike source code files in other languages). PHP will replace the part between the <?php ?> and send the results + remaining parts of the file to the client.

If you omit the closing PHP tag in this case, the PHP parser would just ignore the spaces and newlines because they don't contain code.

hek2mgl
  • 152,036
  • 28
  • 249
  • 266
  • What is said in the documentation is just stupid. If this is really the case, then we should also preferably (by default even) omit the starting ` – nl-x Jun 24 '14 at 11:08
  • agreed, another processing task that would slow the program down. – Samuel Fullman Jun 24 '14 at 11:16
  • @nl-x I've added some explanation. I hope this clearifies it. You need to understand the nature of PHP. – hek2mgl Jun 24 '14 at 11:17
  • @hek2mgl You didn't have to clarify anything for me. Sorry if I was not clear. I was just spilling my guts over this poor decision taken by the PHP team. – nl-x Jun 24 '14 at 11:20
  • You don't understand PHP, PHP is meant to be inserted into other documents. This is unlike other programming languages and has BIG advantages *and* disadvantages, like this. – hek2mgl Jun 24 '14 at 11:25
  • 2
    @nl-x If you have spaces before the starting tag you could see it in your editor right away. That's not the case with spaces after the closing tag. – yunzen Jun 24 '14 at 11:33
  • @hek2mgl So now I don't understand it, because I disagree?! Sorry, I do understand it AND disagree. – nl-x Jun 24 '14 at 11:53
  • This makes no sense. Sense would make: "I understand and I don't like the concepts." There is no room to disagree, having the goals of the PHP language, it is just an obvious side effect. Of course you can use a ton of other languages which behave differently, like ruby, python or perl (or any other language I know), but you cannot insert those languages into other documents. You'll need an explicit template engine then. – hek2mgl Jun 24 '14 at 11:55
  • Indeed, I should have said "disagree with the decision taken by the PHP team.", refering to my earlier comment. But let's not nickpick on the usage of the English language while we're still debating the PHP language :) (Or let's even stop here) – nl-x Jun 24 '14 at 11:59
  • I just wanted to make clear that there is no room for PHP devs to *change something*. Then they would change everything. But just omitting the close tag is a pretty nice way out of the (non-existing) problem, isn't it? I don't get why this should be a problem... – hek2mgl Jun 24 '14 at 12:02
  • I'm having a hard time actually finding whether this notation is valid SGML. Or whether this is totally beyond the SGML scope, and it isn't a Processing Instruction at all. – nl-x Jun 24 '14 at 12:03
  • Sure, but omitting the close tag can only happen in source-only files. These files aren't meant to be interpreted in a SGML context. – hek2mgl Jun 24 '14 at 12:07
  • @hek2mgl Your IDE might be one that does. But again, I can't find it documented as such. All I could find is `` is SGML PI. And ` ?>` is XML PI implementation. – nl-x Jun 24 '14 at 12:11
  • @nl-x My IDE is `vim`. it doesn't care :) But have worked with `Eclipse` and `Netbeans` too. Never had a problem. – hek2mgl Jun 24 '14 at 12:12
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/56196/discussion-between-hek2mgl-and-nl-x). – hek2mgl Jun 24 '14 at 12:15
0

According to php.net reason behind avoiding ending php tag is:

"If a file is pure PHP code, it is preferable to omit the PHP closing tag at the end of the file. This prevents accidental whitespace or new lines being added after the PHP closing tag, which may cause unwanted effects because PHP will start output buffering when there is no intention from the programmer to send any output at that point in the script."

Sasi
  • 127
  • 6