What is the "correct" way to start and close a PHP statement?

Question

Is there any difference or associated risk opening with the following PHP variations?

<? echo "hello world!"; ?>

<?php echo "hello world!"; ?>

<?="hello world!"?>

Also, is it necessary to close all scripts with ?>

Answer 1

The difference is that some servers might have the first and last examples disabled via short_open_tag. So if you want your code to be as portable as possible you should use the full <?php, otherwise when you move your code to a new server you might find it doesn't work as expected. Also using the short tags can cause clashes if you try doing <?xml type declarations. As far as security, using short tags can theoretically be dangerous if someone decides to turn short_open_tag off; code using that tag would then be plain-text and broadcast to all (check the comments for more)

As for your other question, omitting the closing tags is to prevent whitespace from being accidentally outputted to the browser, as this would mess some scripts up, particularly those trying to output headers of any kind. This is why the Zend Programming Guide recommends not closing your PHP tags.

Now that I got all that out of the way, unless I'm working on something that is open source I personally use short open tags and I close all of my PHP tags. This is because I am usually in control of my environment and I'm of the opinion that a) <?= is just too handy, and b) if you open something you ought to close it. The "best practices", however, don't really agree with that.

Answer 2

Portability can be important when you don't control the hosting. For example, when I wrote some PHP programs that were hosted on my college's hosting, they worked fine until they changed the configuration to disallow the syntax they broke a bunch of pages.

Even if it works at the time, if you aren't in control of the hosting there are no guarantees.

Answer 3

short open tags. It's often brought up that this option may not be enabled. I've never actually seen this be the case but I guess it's possible. You might need to move hosting providers or something. Generally speaking though, I'll just use the short form. If I ever need to change it, well it's a fairly simple search and replace to change

More to the point, how often does PHP you write need to be portable rather than just work on your specific application?

The only real consideration (imho) is the XML processing instructions, which might be an issue if you output XHTML although I've never seen a reason to do that instead of strict or transitional HTML.