This question already has answers here:
Why would one omit the close tag?
(14 answers)
Closed 9 years ago.
I've had an interesting phenomenon with a PHP end tag. I had a php file that was executed by an Ajax call. In the php file was included a php library file with assorted functions. When this library was included the php response included a bunch of blank lines. When I removed the end tag from the library this stopped happening.
Can anyone explain to me what going on here ?
This is well documented. From the PHP Manual:
The closing tag of a PHP block at the end of a file is optional, and in some cases omitting it is helpful when using include() or require(), so unwanted whitespace will not occur at the end of files, and you will still be able to add headers to the response later. It is also handy if you use output buffering, and would not like to see added unwanted whitespace at the end of the parts generated by the included files.
Omitting the closing tag helps you prevent accidental whitespace or newlines from being added to the end of the file.
That's a core PHP feature: unlike other languages, you need to tag PHP code with a special tag (normally <?php) because everything else is considered literal output:
This is not PHP
<?php
echo 'This is PHP' . PHP_EOL;
?>
This is not PHP either
D:\tmp>php test.php
This is not PHP
This is PHP
This is not PHP either
Although the manual mentions HTML, PHP doesn't really know/care what content-type is outside its tags.
If you forget to close a PHP block when further stuff follows you normally get a syntax error:
This is not PHP
<?php
echo 'This is PHP' . PHP_EOL;
This is not PHP either
D:\tmp>php test.php
PHP Parse error: syntax error, unexpected 'is' (T_STRING) in D:\tmp\borrame.php on line 6
Blank lines are a sort of special case because they are valid and almost invisible in almost all languages (PHP, HTML, CSS, JavaScript...) so they often unnoticed.
Once you've removed the ?> tag, your literal blank lines have disappeared from the script output because they've become part of the PHP code (and, as such, they've started to get ignored).
Of course, blank lines are ignored by PHP but not necessarily by whatever you are generating which, as I said, does not need to be HTML: it can be a picture, a PDF document, an Excel spreadsheet. Bogus white lines can be easily avoided by not closing the last PHP block when it's the last part of the file.
Related
This question already has answers here:
Why would one omit the close tag?
(14 answers)
Closed 8 years ago.
In some scripts I see that they omit writing a closing tag ?> for the script. Why is it and should I do this as well?
(I'm sure they have not forgotten it.)
Well, omitting the closing tag is just one solution for avoiding blanks and other characters at the end of file. For example any char which is accidentally added behind the closing tag would trigger an error when trying to modify header info later.
Removing the closing tag is kind of "good practice" referring to many coding guidelines.
From PHP: Instruction Separation
The closing tag of a PHP block at the end of a file is optional, and in some cases omitting it is helpful when using include() or require(), so unwanted whitespace will not occur at the end of files, and you will still be able to add headers to the response later. It is also handy if you use output buffering, and would not like to see added unwanted whitespace at the end of the parts generated by the included files.
php.net on PHP tags:
If a file is pure PHP code, it is preferable to omit the PHP closing
tag at the end of the file. This prevents accidental whitespace or new
lines being added after the PHP closing tag, which may cause unwanted
effects because PHP will start output buffering when there is no
intention from the programmer to send any output at that point in the
script.
They do it to avoid risking to have whitespaces after the closing tag which may stop headers to work.
This is, of course, true for PHP-only files.
CodeIgniter Framework suggests to omit closing tags for
"... can cause unwanted output, PHP errors or blank pages".
You can read it here.
Modern versions of PHP set the output_buffering flag in php.ini. If output buffering is enabled, you can set HTTP headers and cookies after outputting HTML, because the returned code is not sent to the browser immediately.
Are the examples still valid in this context?
It shows unwanted white space / blank page. HTTP headers do not work for those unwanted whitespace.
Most JavaScript injection is made at the end of the file. It will show an error message and breaks the code, injected JavaScript code does not get executed.
This question already has answers here:
Why would one omit the close tag?
(14 answers)
Closed 7 years ago.
Looking into code of few sites I noted that some php files have ?> at the end of file and some doesn't. Doesn't it matter - and if it does, when must I put ?> at the end of the file and when mustn't I?
Never use ?> at the end of the file.
It's entirely optional but including it provides the opportunity to slip whitespace into the output by accident. If you do that in a file that you include or require before you try to output headers then you'll break your code.
Putting ?> at the end of a PHP file has only drawbacks.
Putting ?> is optional if it is the last PHP tag. Omitting it in the last tag will benefit you in one case. There may be case where text editor append hidden special character after that tag. This could create problem. Omitting last closing tag will solve this problem.
From PHP Official Documentation - Instruction separation
The closing tag of a PHP block at the end of a file is optional, and
in some cases omitting it is helpful when using include or require, so
unwanted whitespace will not occur at the end of files, and you will
still be able to add headers to the response later. It is also handy
if you use output buffering, and would not like to see added unwanted
whitespace at the end of the parts generated by the included files.
This question already has answers here:
Why would one omit the close tag?
(14 answers)
Closed 8 years ago.
I tried to write a simple php file like this (and it worked):
<?php
echo("OK");
my question is:
Is it safe to write a php file without the "?>" at the end ?
Yes, it's documented that the closing tag at the end is optional.
In fact, it's better if you don't use it because if you do then sometimes extra whitespace at the end of your source ends up in the output when you don't want it to.
If a file is pure PHP code, it is preferable to omit the PHP closing
tag at the end of the file. This prevents accidental whitespace or new
lines being added after the PHP closing tag, which may cause unwanted
effects because PHP will start output buffering when there is no
intention from the programmer to send any output at that point in the
script.
It is recommended not to use end tag when PHP file contains only PHP code.
If a file is pure PHP code, it is preferable to omit the PHP closing tag at the end of the file. This prevents accidental whitespace or new lines being added after the PHP closing tag, which may cause unwanted effects because PHP will start output buffering when there is no intention from the programmer to send any output at that point in the script.
http://php.net/manual/en/language.basic-syntax.phptags.php
This question already has answers here:
Why would one omit the close tag?
(14 answers)
Closed 8 years ago.
OK, I hate doing something for no reason, especially if it appears to be the stupidest thing I've ever seen, so here goes:
I'm encountering a codebase where the PHP files start with <?php, but don't end with ?>
I have not seen any documentation on why, but apparently this has something to do with "security".
Can someone enlighten me as to why I would break with common sense and leave out the closing PHP tag at the bottom of a file?
The documentation states:
If a file is pure PHP code, it is preferable to omit the PHP closing tag at the end of the file. This prevents accidental whitespace or new lines being added after the PHP closing tag, which may cause unwanted effects because PHP will start output buffering when there is no intention from the programmer to send any output at that point in the script.
It has nothing to do with "security". It has something to do with functions whose behaviour depends on whether output has already been sent to the client or not. The best example is the function header(). It is meant for manipulating the HTTP response headers. This function will work only before any output has been send - as in HTTP there headers cannot being sent after the body.
Let's get back to the nature of PHP. It is a scripting language which can be embedded into other documents, like HTML:
<html>
<head><title><?php echo $title; ?></title></head>
<body><?php echo $body; ?></body>
</html>
When embedded into other documents PHP's output will be inserted into the document, leaving the original document as-is, meaning just sending it's literal content to the client.
When you have a class file, for example:
<?php
class Foo {
}
?><whitespace>...
<newline>
<newline>
... you are closing the PHP tag and have two forgotten spaces and new lines in the file. PHP would send those spaces and new lines to the client, meaning a function like header() wouldn't work anymore. This simply a text document with embedded PHP code. (Unlike source code files in other languages). PHP will replace the part between the <?php ?> and send the results + remaining parts of the file to the client.
If you omit the closing PHP tag in this case, the PHP parser would just ignore the spaces and newlines because they don't contain code.
According to php.net reason behind avoiding ending php tag is:
"If a file is pure PHP code, it is preferable to omit the PHP closing tag at the end of the file. This prevents accidental whitespace or new lines being added after the PHP closing tag, which may cause unwanted effects because PHP will start output buffering when there is no intention from the programmer to send any output at that point in the script."
This question already has answers here:
Why would one omit the close tag?
(14 answers)
Closed 8 years ago.
While I was developing with Magento, I found out that I don't need to put php end tag (?>) if I don't use HTML below PHP code. Is it safe and why don't we just put end tag?? Is it useful??
The official stance:
Note: The closing tag of a PHP block at the end of a file is optional, and in some cases omitting it is helpful when using include() or require(), so unwanted whitespace will not occur at the end of files, and you will still be able to add headers to the response later. It is also handy if you use output buffering, and would not like to see added unwanted whitespace at the end of the parts generated by the included files.
It's useful when creating class files / code files, as it's very easy to add an extra space or newline at the end of a file, which can mess up output buffering header() output. Since PHP treats an EOF like a closing ?> in a file there's no danger in relying on the EOF.
Yes, it's useful, because you can't forget odd chars like \n after closing tag (which can prevent from sending cookies etc). In Zend Framework they do not use closing tags also (as a project code standart).