the tech guy at one of my clients raised to me I wasn't using <?php everywhere and would need to change that because of security reasons. Fair point, will do my good sir! However, he also asked if I could change ?> to php?> as the closing tags and that seemed a bit odd to me. I have never seen that, nor any mention of it anywhere (Google gave me a total of 0 relevant results). And even my code editor implies that that is faulty code.
Can anyone enlighten me if it even exists and if so what benefits it offers above ?>
Thanks in advance.
Given:
<?php
error_reporting(E_ALL);
echo "echo ";
php?>
The output is:
echo
Notice: Use of undefined constant php - assumed 'php' in /tmp/test.php on line 4
In php?>, the php part is not a component of the "end of PHP code" marker. It is just a constant that you haven't defined just like in junk?>.
The PHP tags docs clearly says that <?php is an opening tag and ?> is closing tag.
You can use short opening tag <? but you need to enable short_open_tag in your php.ini file first.
However in some cases it's good to omit the closing tag.
If a file is pure PHP code, it is preferable to omit the PHP closing tag at the end of the file. This prevents accidental whitespace or new lines being added after the PHP closing tag, which may cause unwanted effects because PHP will start output buffering when there is no intention from the programmer to send any output at that point in the script.
Related
This question already has answers here:
Why would one omit the close tag?
(14 answers)
Closed 8 years ago.
In some scripts I see that they omit writing a closing tag ?> for the script. Why is it and should I do this as well?
(I'm sure they have not forgotten it.)
Well, omitting the closing tag is just one solution for avoiding blanks and other characters at the end of file. For example any char which is accidentally added behind the closing tag would trigger an error when trying to modify header info later.
Removing the closing tag is kind of "good practice" referring to many coding guidelines.
From PHP: Instruction Separation
The closing tag of a PHP block at the end of a file is optional, and in some cases omitting it is helpful when using include() or require(), so unwanted whitespace will not occur at the end of files, and you will still be able to add headers to the response later. It is also handy if you use output buffering, and would not like to see added unwanted whitespace at the end of the parts generated by the included files.
php.net on PHP tags:
If a file is pure PHP code, it is preferable to omit the PHP closing
tag at the end of the file. This prevents accidental whitespace or new
lines being added after the PHP closing tag, which may cause unwanted
effects because PHP will start output buffering when there is no
intention from the programmer to send any output at that point in the
script.
They do it to avoid risking to have whitespaces after the closing tag which may stop headers to work.
This is, of course, true for PHP-only files.
CodeIgniter Framework suggests to omit closing tags for
"... can cause unwanted output, PHP errors or blank pages".
You can read it here.
Modern versions of PHP set the output_buffering flag in php.ini. If output buffering is enabled, you can set HTTP headers and cookies after outputting HTML, because the returned code is not sent to the browser immediately.
Are the examples still valid in this context?
It shows unwanted white space / blank page. HTTP headers do not work for those unwanted whitespace.
Most JavaScript injection is made at the end of the file. It will show an error message and breaks the code, injected JavaScript code does not get executed.
This question already has answers here:
Why would one omit the close tag?
(14 answers)
Closed 8 years ago.
OK, I hate doing something for no reason, especially if it appears to be the stupidest thing I've ever seen, so here goes:
I'm encountering a codebase where the PHP files start with <?php, but don't end with ?>
I have not seen any documentation on why, but apparently this has something to do with "security".
Can someone enlighten me as to why I would break with common sense and leave out the closing PHP tag at the bottom of a file?
The documentation states:
If a file is pure PHP code, it is preferable to omit the PHP closing tag at the end of the file. This prevents accidental whitespace or new lines being added after the PHP closing tag, which may cause unwanted effects because PHP will start output buffering when there is no intention from the programmer to send any output at that point in the script.
It has nothing to do with "security". It has something to do with functions whose behaviour depends on whether output has already been sent to the client or not. The best example is the function header(). It is meant for manipulating the HTTP response headers. This function will work only before any output has been send - as in HTTP there headers cannot being sent after the body.
Let's get back to the nature of PHP. It is a scripting language which can be embedded into other documents, like HTML:
<html>
<head><title><?php echo $title; ?></title></head>
<body><?php echo $body; ?></body>
</html>
When embedded into other documents PHP's output will be inserted into the document, leaving the original document as-is, meaning just sending it's literal content to the client.
When you have a class file, for example:
<?php
class Foo {
}
?><whitespace>...
<newline>
<newline>
... you are closing the PHP tag and have two forgotten spaces and new lines in the file. PHP would send those spaces and new lines to the client, meaning a function like header() wouldn't work anymore. This simply a text document with embedded PHP code. (Unlike source code files in other languages). PHP will replace the part between the <?php ?> and send the results + remaining parts of the file to the client.
If you omit the closing PHP tag in this case, the PHP parser would just ignore the spaces and newlines because they don't contain code.
According to php.net reason behind avoiding ending php tag is:
"If a file is pure PHP code, it is preferable to omit the PHP closing tag at the end of the file. This prevents accidental whitespace or new lines being added after the PHP closing tag, which may cause unwanted effects because PHP will start output buffering when there is no intention from the programmer to send any output at that point in the script."
<!DOCTYPE html>
This is the code.
How can I fix that?
I tested the HTML/CSS/JavaScript before integrating the code with Laravel.
Make sure your PHP files don't have the closing tags (?>). They might add whitespace to your HTML.
For more info, see the PHP docs:
If a file is pure PHP code, it is preferable to omit the PHP closing tag at the end of the file. This prevents accidental whitespace or new lines being added after the PHP closing tag, which may cause unwanted effects because PHP will start output buffering when there is no intention from the programmer to send any output at that point in the script.
You might also want to take a look at this post: Why would one omit the close tag?
I know this is few years late but for other people.
change the page encoding to UTF-8 without BOM and it will be solved.
This question already has answers here:
Closed 12 years ago.
Possible Duplicate:
PHP closing tag
I have seen many PHP classes files which do not have a closing ?> so instead of this:
<?php
class DataTypeLine extends DataType {
...
}
?>
they just have this:
<?php
class DataTypeLine extends DataType {
...
}
I also notice when I create a new PHP file in Eclipse Helios, it defaults to having only a starting <?php tag but no ending tag ?>.
What is the advantage of not having an ending ?> tag?
No real advantage—it helps ensure there's no inadvertent whitespace that's outputted by adding new lines at the end of the file which can mess up things like sending headers and such.
For example, a file like this:
<?php
/* do stuff */
?>
<!-- note the empty space above, this comment not really part of the code -->
will break a file that uses it like this
<?php
require 'myfile.php';
header('Location: http://example.com/');
?>
with output already sent errors, because of those blank lines in the first file. By not using the ?>, you avoid that potential problem.
From the PHP documentation
The closing tag of a PHP block at the
end of a file is optional, and in some
cases omitting it is helpful when
using include() or require(), so
unwanted whitespace will not occur at
the end of files, and you will still
be able to add headers to the response
later. It is also handy if you use
output buffering, and would not like
to see added unwanted whitespace at
the end of the parts generated by the
included files.
It's a coding style recommendation for novices. PHP eats up a single \n after the closing tag. Yet many newcomers inadvertently leave extra spaces or tabs or multiple newlines there. On Windows this is compounded by having a \r\n trail the ?> closing tag, which leads to isses as soon as scripts get deployed to Unix servers.
Leaving out the closing tag is also conceived as optimization by some (like single quotes).
It's recommended that one should not put a PHP closing tag at the end of the file to avoid all sorts of untoward error. But is there any circumstances when PHP tag closing is needed?
A closing tag is needed if you want to switch from the PHP code block to the plain text output.
Here’s an example:
<?php
// PHP code block
?>
<!-- plain text output and not processed by PHP -->
</body>
BTW if you want to know what error you are preventing by skipping the closing tag. Since Zend's explanation doesn't go into detail.
It is not required by PHP, and omitting it prevents the accidental injection of trailing white space into the response.
This means that if you want to use header() to redirect some person to some other location or change the HTTP header in any way... then you can't and will get an error if some file ends like this.
}
?>
//space here
Because then this space will be outputted to the site as content and then you can't modify the headers.
This is my personal "rule":
File with only php code: Never end tag
File with php mixed with something else (I.e. HTML): Always end tag
It's only needed when you want to output non-php code after your php block.
When you are not just using PHP in the script :-)
As a general rule, I always add the closing tag, because it's the only time all day that my question-mark finger gets exercise. That poor question mark gets no love in PHP ;-)
But seriously, adding the closing tag when it's not required can actually lead to really confusing errors. I pulled my hair out all afternoon once because of this. The trouble is usually because there's spaces after the closing tag that you can't easily see, but they get interpreted as part of a response body. This is bad news if you're including this file inside another script that wants to send a custom header later on. You can't send header information after a script has started sending the response body, so these little invisible spaces result in the script failing.