blocks|key|1460145|text|<?和<?=称为短打开标记，在PHP5.3或更低版本中并不总是启用(参见short_open_tag指令)(但从PHP5.4.0开始，<?=始终可用)。|type|unstyled|depth|inlineStyleRanges|offset|length|style|CODE|entityRanges|data|1460146|实际上，在PHP+5.3.0提供的php.ini-production文件中，它们在默认情况下是禁用的：|1460147|$+grep+'short_open'+php.ini-production
;+short_open_tag
short_open_tag+=+Off|code-block|syntax|javascript|1460148|因此，在您想要分发的应用程序中使用它们可能不是一个好主意:如果不启用它们，您的应用程序将无法工作。|1460149|另一方面，<?php是不能禁用的--所以，使用这个是最安全的，即使它写起来比较长。|1460150|除了短的开放标签不一定被启用这一事实，我不认为有太大的区别。|1460151|entityMap|0|LINK|mutability|MUTABLE|url|http://php.net/ini.core#ini.short-open-tag^0|0|2|3|3|10|E|1V|3|10|E|0|0|0|0|0|5|5|0|0^^$0|@$1|2|3|4|5|6|7|10|8|@$9|11|A|12|B|C]|$9|13|A|14|B|C]|$9|15|A|16|B|C]|$9|17|A|18|B|C]]|D|@$9|19|A|1A|1|1B]]|E|$]]|$1|F|3|G|5|6|7|1C|8|@]|D|@]|E|$]]|$1|H|3|I|5|J|7|1D|8|@]|D|@]|E|$K|L]]|$1|M|3|N|5|6|7|1E|8|@]|D|@]|E|$]]|$1|O|3|P|5|6|7|1F|8|@$9|1G|A|1H|B|C]]|D|@]|E|$]]|$1|Q|3|R|5|6|7|1I|8|@]|D|@]|E|$]]|$1|S|3|-4|5|6|7|1J|8|@]|D|@]|E|$]]]|T|$U|$5|V|W|X|E|$Y|Z]]]]

<code>&lt;?</code> and <code>&lt;?=</code> are called short open tags, and are not always enabled (see the <a href="http://php.net/ini.core#ini.short-open-tag" rel="noreferrer"><code>short_open_tag</code></a> directive) with PHP 5.3 or below (but since PHP 5.4.0, <code>&lt;?=</code> is always available).

Actually, in the php.ini-production file provided with PHP 5.3.0, they are disabled by default:

<pre><code>$ grep 'short_open' php.ini-production
; short_open_tag
short_open_tag = Off
</code></pre>

So, using them in an application you want to distribute might not be a good idea: your application will not work if they are not enabled.

<code>&lt;?php</code>, on the other side, cannot be disabled -- so, it's safest to use this one, even if it is longer to write.

 
Except the fact that short open tags are not necessarily enabled, I don't think there is much of a difference.

blocks|key|1245466|text|除了关于使用短标签是不是一个好主意以及它是否应该被认为是被弃用的整个半宗教辩论之外，最初的问题是使用它们有多安全或不安全。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1245467|简而言之，如果在不支持短标记的服务器上使用短标记，则可能会暴露部分PHP代码，这可被视为安全漏洞。|1245468|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|F|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|G|8|@]|9|@]|A|$]]|$1|D|3|-4|5|6|7|H|8|@]|9|@]|A|$]]]|E|$]]

Apart from the whole semi-religious debate on whether or not using short tags are a good idea and whether or not it should be considered deprecated, the original question was on how safe or unsafe they are to use.

Simply put, if you use short tags on a server that doesn't support them, parts of your PHP code may be exposed which can be considered a security vulnerability.

blocks|key|1245528|text|您应该使用|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1245529|此外，在PHP5.5上，默认情况下|1245530|如果还不确定..。用谷歌搜索一下很有帮助=D|1245531|
|1245532|1245533|1245534|entityMap^0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|L|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|M|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|N|8|@]|9|@]|A|$]]|$1|F|3|G|5|6|7|O|8|@]|9|@]|A|$]]|$1|H|3|-4|5|6|7|P|8|@]|9|@]|A|$]]|$1|I|3|-4|5|6|7|Q|8|@]|9|@]|A|$]]|$1|J|3|-4|5|6|7|R|8|@]|9|@]|A|$]]]|K|$]]

You should use &lt;?= and ask your system administrator/host to turn the short_open_tags on, it doesn't have any cons to be turned off, also it has no slowdown, the parser look for the &lt;? the same way it look for &lt;?php inside the index, binary search (perhaps &lt;?PHP is slow due to lowering on parsing).
Also, already on PHP 5.5 &lt;?= will be turned on by default and on long term &lt;?= will be preferred while &lt;?php echo semi deprecated.
If not sure yet.. A bit of googling helps a lot =D

Are they equal in safeness? I was informed that using

<pre><code>&lt;?=$function_here?&gt;
</code></pre>

was less safe, and that it slows down page load times.
I am strictly biased to using echo.

What are the advantages/disadvantages?

PHP echo vs PHP short echo tags

服务器

它们在安全性上是一样的吗？我被告知使用<?=$function_here?>是不安全的，而且它减慢了页面加载时间。我严格地偏向于使用echo。优点/缺点是什么？

问PHP echo vs PHP短echo标记
EN

社区

活动

资源

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问PHP echo vs PHP短echo标记EN

社区

活动

资源

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问PHP echo vs PHP短echo标记
EN