Are PHP short tags acceptable to use?

Question

Here's the info according to the official documentation:

There are four different pairs of opening and closing tags which can be used in php. Two of those, <?php ?> and <script language="php"> </script>, are always available. The other two are short tags and ASP style tags, and can be turned on and off from the php.ini configuration file. As such, while some people find short tags and ASP style tags convenient, they are less portable, and generally not recommended.

In my experience most servers do have short tags enabled. Typing

<?=

is far more convenient than typing

<?php echo 

The programmers convenience is an important factor, so why are they not recommended?

Answer 1

Because the confusion it can generate with XML declarations. Many people agree with you, though.

An additional concern is the pain it'd generate to code everything with short tags only to find out at the end that the final hosting server has them turned off...

Answer 2

• Short tags are not turned on by default in some webservers (shared hosts, etc), so code portability becomes an issue if you need to move to one of these.

• Readability may be an issue for some. Many developers may find that <?php catches the eye as a more obvious marker of the beginning of a code block than <? when you scan a file, particularly if you're stuck with a code base with html and PHP tightly inter-woven.

Answer 3

They're not recommended because it's a PITA if you ever have to move your code to a server where it's not supported (and you can't enable it). As you say, lots of shared hosts do support shorttags but "lots" isn't all of them. If you want to share your scripts, it's best to use the full syntax.

I agree that <? and <?= are easier on programmers than <?php and <?php echo but it is possible to do a bulk find-and-replace as long as you use the same form each time (and don't chuck in spaces (eg: <? php or <? =)

I don't buy readability as a reason at all. Most serious developers have the option of syntax highlighting available to them.

Answer 4

One situation that is a little different is when developing a CodeIgniter app. CI seems to use the shorttags whenever php is being used in a template/view, otherwise with models and controllers it always uses the long tags. It's not a hard and fast rule in the framework but for the most part the framework and a lot of the source from other uses follows this convention. My two cents? If you never plan on running the code somewhere else, then use them if you want. I'd rather not have to do a massive search and replace when I realize it was a dumb idea.

Answer 5

I'm too fond of <?=$whatever?> to let it go. Never had a problem with it. I'll wait until it bites me in the ass. In all seriousness, 85% of (my) clients have access to php.ini in the rare occasion they are turned off. The other 15% use mainstream hosting providers, and virtually all of them have them enabled. I love 'em.

Answer 6

No, and they're being phased out by PHP 6 so if you appreciate code longevity, simply don't use them or the <% ... %> tags.

Answer 7

In response to patricksweeney:- (sorry, I would comment on your original point, but I don't have enough reputation yet :))

Yes, codeigniter encourages using short tags, but there's a good reason for that - there's a configuration option that will rewrite short tags to full < ?php tags when you switch it on.

This means you can use this option guilt-free, safe in the knowledge that it's easily portable if there's a server move at a later date.

Answer 8

If you care about XSS then you should use <?= htmlspecialchars(…) ?> most of the time, so short tag doesn't make a big difference.

Even if you shorten echo htmlspecialchars() to h(), it's still a problem that you have to remember to add it almost every time (and trying to keep track which data is pre-escaped, which is unescaped-but-harmless only makes mistakes more likely).

I use templating engine that is secure by default and writes <?php tags for me.

Answer 9

Short tags are coming back thanks to Zend Framework pushing the "PHP as a template language" in their default MVC configuration. I don't see what the debate is about, most of the software you will produce during your lifetime will operate on a server you or your company will control. As long as you keep yourself consistent, there shouldn't be any problems.

Answer 10

• Short tags are acceptable to use in cases where you are certain the server will support it and that your developers will understand it.
• Many servers do not support it, and many developers will understand it after seeing it once.
• I use full tags to ensure portability, since it's really not that bad.

With that said, a friend of mine said this, in support of alternate standardized asp-style tags, like <% rather than <?, which is a setting in php.ini called asp_tags. Here is his reasoning:

... arbitrary conventions should be standardized. That is, any time we are faced with a set of possibilities that are all of equal value - such as what weird punctuation our programming language should use to demarcate itself - we should pick one standard way and stick with it. That way we reduce the learning curve of all languages (or whatever the things the convention pertains to).

Sounds good to me, but I don't think any of us can circle the wagons around this cause. In the meantime, I would stick to the full <?php.

Answer 11

Let's face it PHP if fugly as hell without short tags.

You can enable them in a .htaccess file if you can't get to the php.ini:

php_flag short_open_tag on

Answer 12

The problem with this whole discussion lies in the use of PHP as a templating language. No one is arguing that tags should be used in application source files.

However PHP's embeddable syntax allows it to be used as a powerful template language, and templates should be as simple and readable as possible. Many have found it easier to use a much slower, add-on templating engine like Smarty, but for those purists among us who demand fast rendering and a pure code base, PHP is the only way to write templates.

The ONLY valid argument AGAINST the use of short tags is that they aren't supported on all servers. Comments about conflicts with XML documents are ludicrous, because you probably shouldn't be mixing PHP and XML anyway; and if you are, you should be using PHP to output strings of text. Security should never be an issue, because if you're putting sensitive information like database access credentials inside of template files, well then, you've got bigger issues!

Now then, as to the issue of server support, admittedly one has to be aware of their target platform. If shared hosting is a likely target, then short tags should be avoided. But for many professional developers (such as myself), the client acknowledges (and indeed, depends on the fact) that we will be dictating the server requirements. Often I'm responsible for setting up the server myself.

And we NEVER work with a hosting provider that does not give us absolute control of the server configuration -- in such a case we could count on running to much more trouble than just losing short tag support. It just doesn't happen.

So yes -- I agree that the use of short tags should be carefully weighed. But I also firmly believe that it should ALWAYS be an option, and that a developer who is aware of his environment should feel free to use them.

Answer 13

I read this page after looking for information on the topic, and I feel that one major issue has not been mentioned: laziness vs. consistency. The "real" tags for PHP are <?php and ?>. Why? I don't really care. Why would you want to use something else when those are clearly for PHP? <% and %> mean ASP to me, and <script ..... means Javascript (in most cases). So for consistency, fast learning, portability, and simplicity, why not stick to the standard?

On the other hand I agree that short tags in templates (and ONLY in templates) seem useful, but the problem is that we've just spent so much time discussing it here, that it would likely take a very long time to have actually wasted that much time typing the extra three characters of "php"!!

While having many options is nice, it's not at all logical and it can cause problems. Imagine if every programming language allowed 4 or more types of tags: Javascript could be <JS or < script .... or <% or <? JS.... would that be helpful? In the case of PHP the parsing order tends to be in favor of allowing these things, but the language is in many other ways not flexible: it throws notices or errors upon the slightest inconsistency, yet short tags are used often. And when short tags are used on a server that doesn't support them, it can take a very long time to figure out what is wrong since no error is given in some cases.

Finally, I don't think that short tags are the problem here: there are only two logical types of PHP code blocks-- 1) regular PHP code, 2) template echoes. For the former, I firmly believe that only <?php and ?> should be allowed just to keep everything consistent and portable. For the latter, the <?=$var?> method is ugly. Why must it be like this? Why not add something much more logical? <?php $var ?> That would not do anything (and only in the most remote possibilities could it conflict with something), and that could easily replace the awkward <?= syntax. Or if that's a problem, perhaps they could use <?php=$var?> instead and not worry about inconsistencies.

At the point where there are 4 options for open and close tags and the random addition of a special "echo" tag, PHP may as well have a "custom open/close tags" flag in php.ini or .htaccess. That way designers can choose the one they like best. But for obvious reasons that's overkill. So why allow 4+ options?

Answer 14

add this to your Zend_Controller_Action constructor:

$this->view->setUseStreamWrapper(true);

Answer 15

personally I like to stick to the full tags, but I work with various other developers and they all have differing opinions on that subject...

Obviously the safest is using full tags, but they argue that short-tags will not be deprecated in the foreseeable future, even in PHP6 it is unclear whether they will deprecate it or not, so not typing the 3-8 extra characters thousands of times is a REAL time saver.... well my IDE auto fills the <?php whenever I type <?, so it doesn't apply to me... which is also the main reason why I prefer full tags, because it doesn't affect me much whether I use either of them and full tags are obviously just better in terms on compatibility.

This is kinda like the whole discussion about having the ending ?> in pure php (no html) scripts or not, I believe we shouldn't be lazy in checking if we have trailing spaces after the closing php tag, it's not that hard really: - Create new php file - type open tag '<?php' - press enter twice - type close tag '?>' - press up once - start coding

you're guaranteed not to have trailing spaces this way, if you have a good coding form you won't have to worry about many bugs; it all starts from the basics of programming, if you have had good training, then you wouldn't even encounter half of the bugs and issues many people out there get.