A friend asked me today:
Onin php.ini at [servers you set up] or in general?
short_open_tag allows you to use
<?= in addition to
<?php when formatting code. The latter can be very useful if you are using PHP as a templating language—like with Savant or no templating system at all.
Many people think that there is a security reason for this. For the life of me, I can’t really see the security problem with the setting though I can see the security problem with the coding. That is… if you code using
short_open_tags, then you run the risk of running that code on a server where this variable it is off somewhere and suddenly you are dumping PHP code to people’s browsers. But that almost never happens and really if you have a configuration issue, you have bigger problems.
The real reason is simply that it violates valid XML markup to use short tags. Simply put, let’s say you have an example where your PHP page has to generate a valid XML file that needs a XML directive.
<?xml version="1.0" ?>
short_open_tags, this will generate a fatal error in the PHP engine! The workaround is to do something nasty like
echo '<'.'?xml version="1.0" ?>';
(or some such). As more websites contained XHTML or some weird sort of sacrifice to the Gods of all things XML (SOAP, XMLRPC, REST-XML), it was sooner convenient to admit defeat and just start coding in valid XML markup.
It violates valid xml. It was not recommended for use because it isn’t guaranteed to be on everywhere. Ever since then people have been in the habit of not using short tags just in case they are off. Soon, it became part of the php.ini-recommended and short tags, like
asp_tags and the alternative syntax for control structures got relegated to the dustbin of history.
What is the alternative syntax for control structures? Let’s not go there. 😉