Pure PHP/HTML views VS template engines views

Question

I would like to know which approach is faster, using the pure PHP in the HTML files or using a template engines like Smarty,Twig, ... What I would particularly like to know is next: which is parsed faster, is the Smarty cache for example faster than using pure PHP? Which of the template engines is the fastest? I'm about to rewrite simple application where speed is on the first place.

Answer 1

Let's tear the tropes related to this subject apart:

1. Keep logic out of the presentation - Do not put 'code' into your HTML

Anyone who says this and then tells you to go with templating is contradictory:

• PHP is an interpreted language - it becomes C code on execution.
  
• The templating 'syntax' is interpreted into PHP

They must stop lying to themselves. Their 'templating syntax' is a programming language built on top of another, which in turn is built on top yet another language - That's inefficient, redundant, and weird.

Furthermore, I fail to see how the very existence of the variables every templating engine that ever was depends on aren't considered logic - Their existence, content and implementation depend on a logical backend.

And what of those templating systems with if/else statements and for loops? That's the very essence of logic - The very concepts which most programming languages utilize. They require variable data which can only be generated or exist through some form of computation.

You cannot serve dynamic content without mixing presentation with logic. It's impossible.

---

2.1 It's safer...

So, you don't trust your HTML guy?

Case: You think your HTML/CSS guy is stupid and will accidentally print the database password

If that's so, I've got news for you - Your environment is already not safe if sensitive data can be accessed/modified from anywhere within the program.

Case: You think your HTML guy will print random server constants - it's dangerous to allow him, as an individual, to work with server logic

I see - He's either stupid, or hates his job and wants to be fired and therefore will do something dumb like printing session variables. Fine, but to that I'll say...

...Why the heck is this stuff not peer reviewed? Even if he had no access to direct server logic but rather a fancy templating system, he could still equally spread his his stupidity/hatred merely because he has final say on output. Or, he could even be in cahoots with another programmer (If any) and still access server constants and co.

-

2.2.1 Good templating engines automatically sanitize output, or allow the templating-guy to do it himself - he knows better when data should be sanitized

You dummy.

You don't know when output should be sanitized? You couldn't do that yourself..?

Even so, maybe you're just the code monkey and the HTML guy is a web-security HTML-injection specialist, and he should be the one sanitizing output. In that case, giving him access to PHP also allows him to use the likes of htmlspecialchars() rather than whatever the template gives him to do the same thing.

Regarding automatic escaping, provided you're safely passing along content, you can implement such a simple feature within the code you're doing so.

--

2.2 ...and I can control what data is being worked with

Think about classes, functions, etc - You throw data in, they work with it, then you get a result. Typically they do not deal with outside data unless it is handed to them (Doing otherwise is unclear, dangerous and bad practice - Some constants aside). Through these same methods, you can pass on precisely what you need to your output in an efficient, clear and unlimited manor.

--

All that said, it seems like the reason you think your templating engine is any safer than plain code is because you're lacking in several areas of general safety:

• You (Or whoever) do not peer review content - You allow individuals to output content.
• You are not implementing proper or safe programming practices, and seem to not realize that you can control what's passed along from point A to B.

---

3. PHP syntax is too hard/difficult to teach the style people

The truth is it's no more complicated than the psuedo-syntax created by template systems such as Smarty, so if this is an issue than dynamic content isn't for you.

The following is in PHP 'short syntax' - Is it too difficult?

<div class='username'><?= $username ?></div>

---

4. It's too much work to develop my own solution

Though I'd argue it's not, you're free to choose whatever you wish! Choose whatever fits your needs best. They're usually free, not difficult to integrate, and come with loads of features out of the box.

---

---

I'm under the impression that most people opt for templating simply because it looks 'neater' within the file - They love thinking that the TPL file is some special thing they created, they like the way the syntax looks; As if by some magic, the variable is 'called' by the little @ or # symbol and hops from your logic into the output.

It seems like a trick - The beautiful enchantress (AKA The templating engine) draws you in with her beauty. Though she's appealing to the eye, she's really a blood sucking demon and extracts your soul (Server resources) in exchange for eye candy nobody else sees (Your users would much rather have a faster website and more features funded by the $$$ you're saving on power/server renting)

<title>{{@title}}</title>
Vs
<title><?= $title ?></title>

---

---

I will admit, there's only one case I can think of in which templates have any ground over PHP - Portability to other applications. appartisan's answer addresses that. Even so, it's not hard to replace <?= $var ?> with {{@var}} - That's a job for a templating-esque system.