Escape HTML to PHP or Use Echo? Which is better?

Question

In terms of performance , what would be better. Using PHP to echo all the HTML output so I can pepper it with the various bits of working code and variables or escape HTML to php periodically throughout the documents.

I know there may be some readability issues but I'm not to worried about that.

Thanks all!

Example 1

echo '<html>',
     '<body>',
     'The content of the ',$container,' element is displayed in your ', $other_container,
     '</body>',
     '</html>';

OR

<html>
<body>
The content of the <?php echo $container; ?> element is displayed in your <?php echo $other_container; ?>
</body>
</html>

Answer 1

It falls into the realm of micro optimizations. The largest part of your time falls into initializing the PHP engine starting the work.

So unless you have an order of tens of thousands of lines (or even more), you shouldn't be concerned with it.

To add, i did a small test of a million lines where i used php to print them and where i used php to call a c program that did the same thing and the difference was minuscule.

A little more info.

What is happening in the 2nd example is that you are "turning on/off" PHP, its not exactly what is happening but for this example it fits.

The thing you should be more worried about, is that code going to have a lot of logic around it? Am i going to split that string into even more strings or even place it in different places? Is this the View of a MVC application?

For 1 and 2 it could be a toss up between either method. But for 3 i would go with method 2 for these reasons.

A view in a MVC web application is mostly html/css. So i want to see that be formatted correctly and i want to see in my editor the html coloring. So that is a plus.

Answer 2

It's pretty irrelevant to the overall speed of your app which one you go with.

That being said, I know you said you don't care, but please use the 2nd one as it's about a million times easier to read. And readability is huge.

Answer 3

Whichever is easiest to read.

The performance difference is pretty negligible compared to almost any other issue you'll encounter. Definitely readability is hands down the first issue here.

Answer 4

For small bits I just keep it all in PHP strings, like when looping through an array to generate a list. But for larger piles of markup I keep that out of the PHP and just drop into PHP when necessary.

This is largely because I prefer to optimize for maintainability. Not just because it's faster to see what's going on when the html has appropriate syntax highlighting applied, but because it also makes mistakes resulting from a flawed reading of the code less likely to occur.

There really isn't a best way. I just try to stay consistent with what's described above, and keep my eyes open for situations where maybe the other way would be a better way of handling it.

Answer 5

It's all about which you find the most readable. Of course, this will vary with each situation. If you were doing an entire page, and there were large sections which did not have any PHP in it, then I'd break out of PHP and just write the plain HTML, whereas if there was a section which had a lot of PHP variables, I'd do it all in PHP.

For example:

<table>
    <tr>
        <td colspan="<?php echo $numCols; ?>">
            <?php echo $a; ?>, <?php echo $b; ?>, and <?php echo $c?>
        </td>
    </tr>
</table>

versus:

<?php
echo "<table>"
    . "<tr>"
    .    "<td colspan=\"" . $numCols . "\">"
    .        $a . ", " . $b . " and " . $c
    .    "</td>"
    . "</tr>"
    . "</table>"
; ?>

Also don't forget about printf

<?php
printf("<table>"
    . "<tr>"
    .    "<td colspan=\"%d\">%s, %s and %s</td>"
    . "</tr>"
    . "</table>"
    , $numCols
    , $a
    , $b
    , $c
);
?>

Answer 6

Let's cite the manual:

The example given here is contrived, of course, but for outputting large blocks of text, dropping out of PHP parsing mode is generally more efficient than sending all of the text through echo() or print().

But please listen to the others and avoid this sort of micro optimization and choose the one that is more legible.

Answer 7

go with a php base

I did this just today even... and it just depended on the amount of code I had in the file. If you stay in php you get the benefit of thinking through the whole process programmatically and can variablize multiple parts.

Answer 8

The latter is much more readable. It's also more easily editable (you do not have to escape quotes in HTML, for example). And it preserves whitespace without any hassle, which may be preferred, particularly for debugging purposes.

I almost wish PHP would enable print() and echo() to automatically convert HTML characters so that people would stop using them to generate HTML.

Answer 9

In terms of performance... it's not important. Readability of the code is king, a tiny fraction of a percent of performance difference isn't going to change anything.

The raw HTML version is usually the easiest to read (and probably has the best performance too for what it's worth - but what it's worth is: nothing). This is no surprise: PHP is an HTML templating language, the whole point is interleaving HTML at a language syntax level.

Look at nickf's code to see how to keep it readable. Indenting is important! Put a level of indenting inside each PHP control structure too, so you can keep track of them. eg.:

<?php if ($error) { ?>
    <p> Oh no, error! </p>
<?php } ?>

Finally, when outputting content, such as $container in your example, you must always htmlspecialchars() it, or you'll have an application full of HTML-injection security holes, like every other PHP newbie (and even many professional developers, sadly). This matters whichever method you use to output content.

Because htmlspecialchars is quite an annoyingly long function name, you could try defining your own shortcut function:

<?php
    function h($s) {
        echo(htmlspecialchars($s, ENT_QUOTES));
    }
?>

<ul>
    <?php foreach ($things as $thing) { ?>
        <li> <?php h($thing['name']) ?> </li>
    <?php } ?>
</ul>

Answer 10

I don't know about the performance of this, but within PHP you can also use what I believe is called a "Heredoc", which I think helps with readability within this sort of output.

Nickf's example:

<table>
    <tr>
        <td colspan="<?php echo $numCols; ?>">
            <?php echo $a; ?>, <?php echo $b; ?>, and <?php echo $c?>
        </td>
    </tr>
</table>

becomes:

<?php
echo <<<EOT
<table>
    <tr>
        <td colspan="$numCols">
            $a , $b, and  $c
        </td>
    </tr>
</table>

EOT;

?>

I do believe that ultimately readability is a subjective thing, so your mileage may vary!

Ruth

Answer 11

You should seriously consider never placing PHP inside of HTML. You are mixing logic with view which makes a project messy.

As others have said, if you output into html, use <?php echo $whatever; ?>

If you have to output a ton of information look into output buffering.

Answer 12

Code as if the next programmer taking over the project is a serial killer. In other words, use the second option you mentionned.

Answer 13

This should be considered more of a readability and maintenance issue than a performance issue.

Thus, option 2 has a couple concrete advantages:

1. Code coloring. With option 1 everything is colored as an echo statement which makes reading HTML more difficult.
2. Intellisense - With many IDE's, HTML within a PHP echo statement won't engage intellisense, so you'll be typing all that HTML by hand.