csnyder wrote:
Depending on what q() does (output or return?) it might be more
natural to use <?=q($var)?>. Usually in the context of templates I
like to see functions returning so that output is completely under my
control.
Some PHP installations support the short tags <? ?> and <?= ?> and
others don't. If you want to write code that runs everywhere, you have
to use <?php ... ?>
My q() function is (more-or-less) a shorthand for
echo(htmlspecialchars()), with special handling for empty values. It's
probably an over-aggressive grab of namespace, but it makes it easy to
develop a company-wide habit of writing code that resists XSS attacks.
(The 'prototyping' of PHP?)
Here's a fun fact about <?php that I figured out recently: I always
used to write include files like
<?php
...define some functions...
...define some classes...
...set a few global variables ...
?>[EOF]
where [EOF] is the end of the file.
The trouble was that from time to time, people using certain
editors would cause spaces and carriage returns to appear after the ?>.
This had the obnoxious effect of opening the output stream and making it
possible to send http headers, set cookies and do other important things.
One day I discovered that I didn't need the "?>"... I could just write
<?php
... PHP code...
[EOF]
And it works just fine. It scared the people at the office, but
they were glad to be rid of a nagging problem.
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
