Last updated: Fri, 22 Jul 2011
Basic syntax

User Contributed Notes
php_engineer_bk at yahoo dot com 29-Sep-2010 05:42
all syntax:

<?php
if($true)
{
    echo "true";
}
else
{
    echo "false";
}
?>

<?php
if($true)
    echo "true";
else
    echo "false";
?>

<?php
if($true):
    echo "true";
else:
    echo "false";
endif;
?>

Iranian php programming(farhad zandmoghadam)
mattsch at gmail dot com 25-Jun-2008 08:46
Less is more.  The shortest and easiest way to deal with the xml tag problem assuming short tags is enabled and you don't care to listen to people who want you to always use the full php tag is this:

<<??>?xml version="1.0" encoding="utf-8"?>
KOmaSHOOTER at gmx dot de 29-Dec-2007 03:36
you also can use this kind of syntax:

<?php if( condition ): ?>
 
<?php else: ?>
 
<?php endif; ?>
Tona at spikesource dot com 03-May-2007 10:22
Jascam: Try to find more resourceful information to make your point. Your lack of ability to understand more complex concepts is not enough to diminish such a popular language as PHP. Note also that php is not replacing html but complementing it.
madman 18-Apr-2007 03:45
As rosswilliams mentioned;  The example breaking in and out of the PHP tags doesn't "work as expected".  The manual and some comments mention that PHP "simply starts outputting whatever it finds..." any time a closing tag is encountered.  It would make sense to say instead - "...unless PHP is in the middle of a conditional statement; in which case it will only output the relevant block of HTML."

Some have said that using the 'echo' command is cleaner and more  efficient.  However, as the manual points out, the method of breaking out of PHP is more efficient when dealing with large sections of HTML.  Because there is less work for the parser.
Geekman at Textbook Torrents dot com 05-Mar-2007 01:19
Regarding the comment by rosswilliams at advocacytechnologies dot org:

Your suspicion is correct. The following all behave exactly the same:

<?php

// output the answer by escaping
if ($true_or_false) {
   
?>
    <p>The value of $true_or_false is true.</p>
    <?php
} else {
   
?>
    <p>The value of $true_or_false is false.</p>
    <?php
}

// use echo to do the same thing - more efficient and easier to read in my opinion
if ($true_or_false) {
    echo '<p>The value of $true_or_false is true.</p>';
} else {
    echo '<p>The value of $true_or_false is false.</p>';
}

// use ? : operators on entire string
echo ($true_or_false) ? '<p>The value of $true_or_false is true.</p>' : '<p>The value of $true_or_false is false.</p>';

// use ? : operators only on the pertinent bit, to save space
echo '<p>The value of $true_or_false is ' . (($true_or_false) ? 'true' : 'false') . '.</p>';

?>
alfridus 23-Jul-2006 11:53
Only this works:

<?php
$xml = '<?xml version="1.0" encoding="UTF-8" standalone="no"?>';
echo $xml;
 
?>

with space after '<?php' and before ' ?>', no spacing between
'<?xml' and a semicolon after '"no"?>';'.
brettz9 at yahoo dot com 02-Apr-2006 03:04
I've essentially tried to synthesize this
discussion at
http://en.wikibooks.org/wiki/Programming:Complete_PHP/Escaping_from_HTML

One point not brought up yet...

The HEREDOC problem with some text editors
may be fixable in at least some text editors
by adding a comment with a quotation mark
as such afterwards (albeit necessarily on a
new line):

<?php

$version = "1.0";

print <<<HERE
<?xml version="
HERE;
//"

print $version."\"?>";

?>
Christoph 17-Jan-2006 01:08
Here's an inspiration on how to quickly fix all scripts relying on short_open_tag being enabled:

find -name '*.php' | xargs perl -pi -e 's/<\?= ?(.*?) ?\?>/<?php echo($1); ?>/g'
find -name '*.php' | xargs perl -pi -e 's/<\?/<?php/g'
find -name '*.php' | xargs perl -pi -e 's/<\?phpphp/<?php/g'
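A report-only way to find the same scripts, given here as an added example that is not part of the note above or of the manual: it lists every `<?` opener whose behaviour depends on short_open_tag, including a literal `<?xml` declaration and a `<?PHP` tag with no whitespace after it, while skipping `<?` and `?>` that sit inside strings, heredocs and block comments. The function names, the `SKIP` constant and the sample input are assumptions made for this illustration.

```php
<?php
// Added example: report-only audit of "<?" openers. All names are hypothetical.
const SKIP = <<<'RE'
~\G(?:
    '(?:[^'\\]|\\.)*+'                          # single-quoted string
  | "(?:[^"\\]|\\.)*+"                          # double-quoted string
  | <<<[ \t]*(['"]?)(\w+)\1\r?\n.*?^[ \t]*\2\b  # heredoc or nowdoc
  | /\*.*?\*/                                   # block comment
  | (?://|\#)(?:(?!\?>)[^\n])*+                 # one-line comment, ended early by "?>"
)~smx
RE;

/** Offset just past the "?>" that closes the PHP block containing $pos. */
function skip_php_block(string $s, int $pos): int
{
    while ($pos < strlen($s) && substr($s, $pos, 2) !== '?>') {
        $pos += preg_match(SKIP, $s, $m, 0, $pos) ? strlen($m[0]) : 1;
    }
    return min($pos + 2, strlen($s));
}

/** Return [line, kind] for every opener that is not a plain "<?php" tag. */
function audit_open_tags(string $s): array
{
    $found = [];
    for ($pos = 0; ($pos = strpos($s, '<?', $pos)) !== false;) {
        $line = substr_count(substr($s, 0, $pos), "\n") + 1;
        if (preg_match('/\G<\?xml\s/i', $s, $m, 0, $pos)) {
            $found[] = [$line, 'xml-declaration']; // parsed as PHP if short tags are on
        } elseif (substr($s, $pos + 2, 1) === '=') {
            $found[] = [$line, 'short-echo'];
        } elseif (!preg_match('/\G<\?php(?=\s|\z)/i', $s, $m, 0, $pos)) {
            $found[] = [$line, 'short-tag'];       // also "<?PHP" with no space after it
        }
        $pos = skip_php_block($s, $pos + 2);
    }
    return $found;
}

// Constructed sample input.
$sample = <<<'SRC'
<?xml version="1.0" encoding="UTF-8"?>
<?php echo '<?xml version="1.0"?>'; ?>
<p><?= $title ?></p>
<? if ($ok) { ?>yes<? } ?>
<?PHP/*<Some HTML>*/?>
SRC;

echo json_encode(audit_open_tags($sample)), "\n";
```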
Michael Newton (http://mike.eire.ca/) 12-Dec-2005 11:17
The XML declaration does not need to be handled specially.

You should output it via an echo statement, in case your code is ever used on a server that is (poorly) configured to use short open tags.

But there's no need to treat the ?> at the end of the string specially.  That's because it's in a string.  The only thing PHP ever looks for in a string is \ or $ (the latter only in double-quoted strings.)

I have never had need for the following, as some have suggested below:

<?php
$xml = rawurldecode('%3C%3Fxml%20version%3D%221.0%22%3F%3E');
echo($xml);
?>

<?php echo '<?xml version="1.0" ?'.'>' ?>

<?php echo "<?xml version=\"1.0\"\x3F>" ?>
php [AT] jsomers [DOT] be 23-Sep-2005 07:37
PEAR states:

Always use <?php ?> to delimit PHP code, not the <? ?> shorthand. This is required for PEAR compliance and is also the most portable way to include PHP code on differing operating systems and setups.

It is these small things that enhance readability in group projects, or libraries.
pablo [] littleQ.net 24-Jul-2005 09:06
Just another more "feature" of IE...

Content-Disposition: attachment; filename=\"__FILE__\";

__FILE__ can't have spaces or :

Regards
01karlo at gmail dot com 26-Jun-2005 03:44
Or, use the following:

<?php
$xml = rawurldecode('%3C%3Fxml%20version%3D%221.0%22%3F%3E');
echo($xml);
?>

What it does: the value of the variable $xml is the raw URL-encoded version of the XML thing.
Then it decodes it and echoes it to the visitor.
p o r g e s at the gmail dot com server 02-Apr-2005 04:02
mike at skew dot org, I believe the differentiation is that "x"-"m"-"l" as a PI target is explicitly excluded from the definition of processing instructions.
Lachlan Hunt 29-Mar-2005 05:06
The person that suggested the use of this meta element above is wrong:

<meta http-equiv="Content-Type" content="application/xml+xhtml; charset=UTF-8" />

That meta element and the XML declaration serve completely different purposes, and that meta element should not be used.  Such information should be set using the HTTP Content-Type header (see the header() function).

Any XHTML page that just uses that meta element without proper HTTP Content-Type header, will be processed as text/html by browsers regardless, and when the HTTP headers do serve as application/xhtml+xml (or other XML MIME type), that charset parameter in the meta element will be ignored.
mike at skew dot org 21-Oct-2004 11:53
mart3862 mentions "XML processing instructions" and quotes their syntax from the spec, but is mistaken in using

<?xml version="1.0" ...?>

as an example. This little bit of markup that appears at the beginning of an XML file is in fact not a processing instruction at all; it is an "XML declaration" -- or, if it appears in an entity other than the main document, a "text declaration". All three constructs are formatted slightly differently, although they all do begin and end with the same.

The difference between a processing instruction, an XML declaration, or a text declaration is more than just a matter of subtle differences in syntax, though. A processing instruction embodies exactly two opaque, author-defined pieces of information (a 'target' and an 'instruction') that are considered to be part of the document's logical structure and that are thus made available to an application by the XML parser. An XML or text declaration, on the other hand, contains one to three specific pieces of information (version, encoding, standalone status), each with a well-defined meaning. This info provides cues to the parser to help it know how to read the file; it is not considered part of the document's logical structure and is not made available to the application.
stooges_cubed at racerx dot net 20-Oct-2004 08:13
In the note above about escaping XML/PHP style <?xml tags, the following code was used:

<?php  // Html safe containers

  
echo <<<EOD
<?xml version="1.0"?>
...all sorts of XML goes here...
Nothing will affect the output of this code until:
EOD;
?>

EOD is just an example stop/start name.

This works too:

<?php  // Html safe containers

 
$myOutput = <<<MYHTMLSAFEOUTPUT
<?xml version="1.0"?>
<html>
  <title>PHP Example</title>
  <body>
   <p>...all sorts goes here...</p>
  </body>
</html>
MYHTMLSAFEOUTPUT;

echo $myOutput;

?>

Only disadvantage of using this is that all the code highlighting programs I've seen never get it right, making your code look erroneous in the majority of viewers.

Another alternative is to keep the XML / HTML in a separate include file and read in when needed. I don't know how efficient/inefficient this is for (idiots like yourselves) small amounts of text.

xmlheader.txt:
<?xml version="1.0"?>

mypage.php:
<?php
 
include("xmlheader.txt");
?>
crtrue at coastal dot edu 01-May-2004 06:02
Although you can use the above methods to pass a document off as valid for the W3C parser, a simpler-and-perfectly-legal method of doing so is to simply declare the document type in a meta tag. Something along these lines (mind the values in 'content' - I haven't personally used the Content-Type method in awhile):

<meta http-equiv="Content-Type" content="application/xml+xhtml; charset=UTF-8" />

Of course if you're using just XML, and don't use such functions, then the above methods will work just as fine.
mart3862 at yahoo dot com dot au 18-Apr-2004 04:29
Now the ultimate truth on how you should output xml processing instructions:

There have been several posts suggesting ways to include the text <?xml version="1.0" encoding="utf-8"?> in your output when short_tags is turned on, but only the following should be used:

<?php echo '<?xml version="1.0" ?'.'>' ?>
or
<?php echo "<?xml version=\"1.0\"\x3F>" ?>

Using one of these methods, and not making use of short tags, means your source code will also be a valid XML document, which allows you to do many things with it such as validation, XSLT translations, etc, as well as allowing your text editor to parse your code for syntax colouring.  Every PHP tag will simply be interpreted as an XML processing instruction (commonly referred to as PI).

The reason why all the other suggested methods are not advisable is because they contain the characters ?> inside the PHP tag, which the XML parser will interpret as the end of the processing instruction.

A processing instruction is defined in XML as:

PI ::= '<?' PITarget (S (Char* - (Char* '?>' Char*)))? '?>'

In other words, it explicitly forbids the characters ?> to occur together within a processing instruction, unless they are delimiting the end of the tag.  It also requires a PITarget (an identifier starting with a letter) immediately after the initial start delimiter, which means that all short tag formats are also invalid XML.

Following these guidelines will result in code that is portable to servers with any configuration and allow you to perform many useful tasks on your XML or XHTML source documents.  Even if you do not intend to validate or translate your source documents, and you can ignore some incorrect syntax colouring in your text editor, it is still best to get into good habits early.
Anon 22-Feb-2004 02:05
Yet another way of adding the XML processing instruction is to use:

<?php echo '<?xml version="1.0" ?'.'>' ?>

Because the ? and > are separated, the parser will not terminate before it is supposed to.

As a side note, the W3C's parser seems to recognise this method (assuming it even checks for the PI).
TarquinWJ 06-Feb-2004 02:54
Not spotted any messages like this one - delete it if there was one.

My hosting service allows <? and ?>, but I like to use valid XHTML, so I came up with this simple solution:

It is possible to use the short tags <? ?> with XHTML or XML documents. The only problem is that X(HT)ML requires a declaration using <? and ?>

<?xml version="1.0" encoding="UTF-8"?>

To avoid the problem, simply replace <? with <<? ?>?
and ?> with ?<? ?>>

<<? ?>?xml version="1.0" encoding="UTF-8"?<? ?>>

This inserts a blank piece of PHP in between the < and ?, and when parsed will output the regular tag
<?xml version="1.0" encoding="UTF-8"?>
mwild at iee dot NO_SP_AM dot org 19-Dec-2003 01:12
The text between <script> and </script> in XHTML is PCDATA, so <  and & characters in it should be interpreted as markup. This is a bit limiting for PHP, which is often used to output tags, though you can of course use &lt; and &amp; instead. To avoid that, which makes your code look peculiar and is easy to forget to do, you can mark the PHP as CDATA, eg :

<script language="PHP">
//<![CDATA[
echo('Today is <b>'.date('l F jS').'</b>');
//]]>
</script>

If you don't do this, and your code contains < or &, it should be rejected by an XHTML validator.
johnbeech at (not saying) mkv25 dot net 08-Dec-2003 12:42
In the note above about escaping XML/PHP style <?xml tags, the following code was used:

<?php  // Html safe containers

echo <<<EOD
<?xml version="1.0"?>
...all sorts of XML goes here...
Nothing will affect the output of this code until:
EOD;
?>

EOD is just an example stop/start name.

This works too:

<?php  // Html safe containers

 
$myOutput = <<<MYHTMLSAFEOUTPUT
<?xml version="1.0"?>
<html>
  <title>PHP Example</title>
  <body>
    <p>...all sorts goes here...</p>
  </body>
</html>
MYHTMLSAFEOUTPUT;

echo $myOutput;

?>

Only disadvantage of using this is that all the code highlighting programs I've seen never get it right, making your code look erroneous in the majority of viewers.

Another alternative is to keep the XML / HTML in a separate include file and read in when needed. I don't know how efficient/inefficient this is for small amounts of text.

xmlheader.txt:
<?xml version="1.0"?>

mypage.php:
<?php
  include("xmlheader.txt");
?>
dave at [nospam] dot netready dot biz 18-Mar-2002 12:21
A little "feature" of PHP I've discovered is that the <?PHP token requires a space after it whereas after the <? and <% tokens a space is optional.

The error message you get if you miss the space is not too helpful so be warned!

(These examples only give a warning with error_reporting(E_ALL) )

<?PHP/*<Some HTML>*/?> fails...
<?/*<Some HTML>*/?> works...
mrtidy at mail dot com 12-Dec-2001 08:36
[Ed Note:
This is because of short_tags, <?xml turns php parsing on, because of the <?.
--
irc-html@php.net]

I am moving my site to XHTML and I ran into trouble with the <?xml ?> interfering with the <?php ?> method of escaping for HTML.  A quick check of the mailing list confirmed that the current preferred method to cleanly output the <?xml ?> line is to echo it:
<?php echo("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"); ?>
