[nycphp-talk] testing a theory
Paul Houle
paul at devonianfarm.com
Mon Feb 19 20:22:46 EST 2007
csnyder wrote:
> Depending on what q() does (output or return?) it might be more
> natural to use <?=q($var)?>. Usually in the context of templates I
> like to see functions returning so that output is completely under my
> control.
Some PHP installations support the short tags <? ?> and <?= ?> and
others don't. If you want to write code that runs everywhere, you have
to use <?php ... ?>.
My q() function is (more-or-less) a shorthand for
echo(htmlspecialchars()), with special handling for empty values. It's
probably an over-aggressive grab of namespace, but it makes it easy to
develop a company-wide habit of writing code that resists XSS attacks.
(The 'prototyping' of PHP?)
Here's a fun fact about <?php that I figured out recently: I always
used to write include files like
<?php
...define some functions...
...define some classes...
...set a few global variables ...
?>[EOF]
where [EOF] is the end of the file.
The trouble was that from time to time, people using certain
editors would cause spaces and carriage returns to appear after the ?>.
This had the obnoxious effect of opening the output stream and making it
possible to send http headers, set cookies and do other important things.
One day I discovered that I didn't need the "?>"... I could just write
<?php
... PHP code...
[EOF]
And it works just fine. It scared the people at the office, but
they were glad to be rid of a nagging problem.
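An added example, not code from Paul's post or from the nycphp list: a q() helper along the lines he describes (echo plus htmlspecialchars, empty values print nothing) together with a headers_sent() check that surfaces the "stray bytes after ?>" problem at the line that caused it. The escaping flags, the UTF-8 charset and the assert_no_output_yet() name are my choices, not the author's; the file deliberately ends without a closing ?> tag.

```php
<?php
// Added example (not from the original post). Assumes PHP 7.1+.
declare(strict_types=1);

/**
 * Echo $value HTML-escaped. Empty values (null, '', []) print nothing,
 * so <?php q($row['note']) ?> in a template never emits "NULL" or a notice.
 * ENT_QUOTES escapes both quote styles so the output is safe inside
 * attribute values as well as element text; UTF-8 is assumed.
 */
function q($value): void
{
    if ($value === null || $value === '' || $value === []) {
        return;
    }
    if (!is_scalar($value) && !(is_object($value) && method_exists($value, '__toString'))) {
        throw new InvalidArgumentException('q() expects a scalar or Stringable value');
    }
    echo htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Guard for the "whitespace after ?>" problem Paul describes: call this
 * before header() or setcookie(). If some include has already started
 * output, this reports the file and line where the first byte leaked.
 */
function assert_no_output_yet(): void
{
    if (headers_sent($file, $line)) {
        throw new RuntimeException(
            "Output already started at $file:$line; look for bytes after a closing ?> tag"
        );
    }
}

// Usage: this file has emitted nothing yet, so the header call succeeds.
assert_no_output_yet();
header('Content-Type: text/html; charset=UTF-8');

// Constructed sample input: untrusted text that must not become markup.
$name = '<script>alert(1)</script>';
echo '<p>Hello, ';
q($name);                 // prints &lt;script&gt;alert(1)&lt;/script&gt;
echo "!</p>\n<p title=\"";
q('"quoted" & <tagged>'); // prints &quot;quoted&quot; &amp; &lt;tagged&gt;
echo "\">note: ";
q(null);                  // prints nothing
echo "</p>\n";
// No closing ?> here, so trailing whitespace can never leak into the output.
```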