Is it bad practice to use

Question

I've come across this PHP tag <?= ?> recently and I am reluctant to use it, but it itches so hard that I wanted to have your take on it. I know it is bad practice to use short tags <? ?> and that we should use full tags <?php ?> instead, but what about this one : <?= ?>?

It would save some typing and it would be better for code readability, IMO. So instead of this:

<input name="someVar" value="<?php echo $someVar; ?>">

I could write it like this, which is cleaner :

<input name="someVar" value="<?= $someVar ?>">

Is using this operator frowned upon?

Answer 1

History

Before the misinformation train goes too far out of the station, there are a bunch of things you need to understand about PHP short tags.

The primary issue with PHP's short tags is that XML managed to choose a tag (<?) that was already used by PHP.

With the option enabled, you weren't able to raw output the xml declaration without getting syntax errors:

<?xml version="1.0" encoding="UTF-8" ?>

This is a big issue when you consider how common XML parsing and management is.

What about <?=?

Although <? causes conflicts with xml, <?= does not. Unfortunately, the options to toggle it on and off were tied to short_open_tag, which meant that to get the benefit of the short echo tag (<?=), you had to deal with the issues of the short open tag (<?). The issues associated with the short open tag were much greater than the benefits from the short echo tag, so you'll find a million and a half recommendations to turn short_open_tag off, which you should.

With PHP 5.4, however the short echo tag has been re-enabled separate from the short_open_tag option. I see this as a direct endorsement of the convenience of <?=, as there's nothing fundamentally wrong with it in and of itself.

The problem is that you can't guarantee that you'll have <?= if you're trying to write code that could work in a wider range of PHP versions.

_{ok, so now that that's all out of the way}

Should you use <?=?

Answer 2

Dusting off my PHP hat

I'd definitely favor the use of <?= $someVar ?> over the more verbose echo (simply personal preference). The only downside AFAIK is for users who are running pre-5.4.0, in which case short_open_tag must be enabled in php.ini.

Now having said that, if your project isn't OS, then it's a moot point. If it is, I'd either document the fact that short_open_tags must be enabled, or use the more portable of the two solutions.

Answer 3

You should definitely try to avoid short form tags, whether it's <? or <?=.

The main technical reason is portability, you can never be sure that the short form tags will work for every given setup, as they can be turned off, lookup the short_open_tag directive. But you can always be absolutely certain that the long form will work everywhere.

It would save some typing and it would be better for code readability, IMO.

That's also a bad habit. I can't really tell you what you find more readable, but I'm feverishly against using code readability as an excuse to save yourself a couple of keystrokes. If you are concerned about readability, you should go for a template engine, this:

<input name="someVar" value="{someVar}">

is far more readable from both your examples.

Lastly, it's worth noting that short form tags are explicitly discouraged by major PHP projects, for example PEAR and Zend Framework.

Answer 4

The PHP-Documentation clearly says that you can use short echo tags safely:

5.4.0 The tag <?= is always available regardless of the short_open_tag ini setting.

Although this is for PHP version 5.4 and greater but everybody should at least use this one. I would prefer them for templating purposes only.

Answer 5

Reasons for using short tags:

• They are shorter.

Reasons for not using short tags:

• They introduce one more configuration gotcha - while you do control the server most of the time in a professional context, if you plan to release your code to the general public, short tags may break unrepairably for people who use it on, say, shared hosting.
• They make it way too easy to casually drop un-sanitized strings into your output. This is scary because it may introduce XSS vulnerabilities. While long tags do nothing directly to prevent this, they do signal to the programmer that maybe what they are doing isn't the right thing, and they should start using a template system that automatically handles HTML-encoding for them right now. Outputting dynamic strings with long tags is painful, which is a good (educative) thing.

Answer 6

As of PHP 7.4, the playing field changes a bit:

<? ?> is officially deprecated and will be removed in PHP 8.0.

PHP RFC: Deprecate PHP Short open tags explicitly states that <?= ?> is unaffected. This would indicate (according to me, not the RFC) that its usage is not discouraged.

Answer 7

I think that the <?= version is a good/acceptable practice, provided that you only use it for final output of variables and avoid any function-calls or ternary-logic that aren't directly related to the presentation of the data.

It's certainly much better than <? echo($x); ?> everywhere.

Long-term, you may want to look into templating engines such as Smarty.

Answer 8

To be honest, I think that echoing a result whichever the method is (old or new fashion) is something pretty obsolete while MVC celebrates 33 years already.

I would say that yes, this is a good practice to encapsulate the incoming server (php) data within an XML document and process it in your applicative/client layer, thus, saving you even the idea of using such a tag.