Escaping from HTML

Everything outside of a pair of opening and closing tags is ignored by the PHP parser which allows PHP files to have mixed content. This allows PHP to be embedded in HTML documents, for example to create templates.

<p>This is going to be ignored by PHP and displayed by the browser.</p>
<?php echo 'While this is going to be parsed.'?>
<p>This will also be ignored by PHP and displayed by the browser.</p>
This works as expected, because when the PHP interpreter hits the ?> closing tags, it simply starts outputting whatever it finds (except for an immediately following newline - see instruction separation) until it hits another opening tag unless in the middle of a conditional statement in which case the interpreter will determine the outcome of the conditional before making a decision of what to skip over. See the next example.

Using structures with conditions

Example #1 Advanced escaping using conditions

<?php if ($expression == true): ?>
  This will show if the expression is true.
<?php else: ?>
  Otherwise this will show.
<?php endif; ?>
In this example PHP will skip the blocks where the condition is not met, even though they are outside of the PHP open/close tags; PHP skips them according to the condition since the PHP interpreter will jump over blocks contained within a condition that is not met.

For outputting large blocks of text, dropping out of PHP parsing mode is generally more efficient than sending all of the text through echo or print.

In PHP 5, there are up to five different pairs of opening and closing tags available in PHP, depending on how PHP is configured. Two of these, <?php ?> and <script language="php"> </script>, are always available. There is also the short echo tag <?= ?>, which is always available in PHP 5.4.0 and later.

The other two are short tags and ASP style tags. As such, while some people find short tags and ASP style tags convenient, they are less portable, and generally not recommended.

Note:

Also note that if you are embedding PHP within XML or XHTML you will need to use the <?php ?> tags to remain compliant with standards.

PHP 7 removes support for ASP tags and <script language="php"> tags. As such, we recommend only using <?php ?> and <?= ?> when writing PHP code to maximise compatibility.

Example #2 PHP Opening and Closing Tags

1.  <?php echo 'if you want to serve PHP code in XHTML or XML documents,
                use these tags'
?>

2.  You can use the short echo tag to <?= 'print this string' ?>.
    It's always enabled in PHP 5.4.0 and later, and is equivalent to
    <?php echo 'print this string' ?>.

3.  <? echo 'this code is within short tags, but will only work '.
            'if short_open_tag is enabled'; ?>

4.  <script language="php">
        echo 'some editors (like FrontPage) don\'t
              like processing instructions within these tags';
    </script>
    This syntax is removed in PHP 7.0.0.

5.  <% echo 'You may optionally use ASP-style tags'; %>
    Code within these tags <%= $variable; %> is a shortcut for this code <% echo $variable; %>
    Both of these syntaxes are removed in PHP 7.0.0.

Short tags (example three) are only available when they are enabled via the short_open_tag php.ini configuration file directive, or if PHP was configured with the --enable-short-tags option.

ASP style tags (example five) are only available when they are enabled via the asp_tags php.ini configuration file directive, and have been removed in PHP 7.0.0.

Note:

Using short tags should be avoided when developing applications or libraries that are meant for redistribution, or deployment on PHP servers which are not under your control, because short tags may not be supported on the target server. For portable, redistributable code, be sure not to use short tags.

Note:

In PHP 5.2 and earlier, the parser does not allow the <?php opening tag to be the only thing in a file. This is allowed as of PHP 5.3 provided there are one or more whitespace characters after the opening tag.

Note:

Starting with PHP 5.4, short echo tag <?= is always recognized and valid, regardless of the short_open_tag setting.

add a note add a note

User Contributed Notes 11 notes

up
392
quickfur at quickfur dot ath dot cx
10 years ago
When the documentation says that the PHP parser ignores everything outside the <?php ... ?> tags, it means literally EVERYTHING. Including things you normally wouldn't consider "valid", such as the following:

<html><body>
<p<?php if ($highlight): ?> class="highlight"<?php endif;?>>This is a paragraph.</p>
</body></html>

Notice how the PHP code is embedded in the middle of an HTML opening tag. The PHP parser doesn't care that it's in the middle of an opening tag, and doesn't require that it be closed. It also doesn't care that after the closing ?> tag is the end of the HTML opening tag. So, if $highlight is true, then the output will be:

<html><body>
<p class="highlight">This is a paragraph.</p>
</body></html>

Otherwise, it will be:

<html><body>
<p>This is a paragraph.</p>
</body></html>

Using this method, you can have HTML tags with optional attributes, depending on some PHP condition. Extremely flexible and useful!
up
8
davidhcefx
1 month ago
When the PHP interpreter hits the ?> closing tags, it WON'T output right away if it's inside of a conditional statement:
(no matter if it's an Alternative Syntax or not)

<html>
<?php
$a
= 1;
$b = 2;
if (
$a === 1) {
    if (
$b == 2) {
       
?><head></head><?php
   
} else {
       
?><body></body><?php
   
}
}
?>
</html>

This would output `<html><head></head></html>`.
Aside from conditional statements, the PHP interpreter also skip over functions! What a surprise!

<html>
<?php
function show($a) {
   
?>
    <a href="https://www.<?php echo $a ?>.com">
    Link
    </a>
    <?php
}
?>
<body>
    <?php show("google") ?>
</body>
</html>

This gives `<html><body><a href="https://www.google.com">Link</a></body></html>`.
These really confused me, because at first I thought it would output any HTML code right away, except for Alternative Syntaxes (https://www.php.net/manual/en/control-structures.alternative-syntax.php). There are more strange cases than I thought.
up
80
ravenswd at gmail dot com
11 years ago
One aspect of PHP that you need to be careful of, is that ?> will drop you out of PHP code and into HTML even if it appears inside a // comment. (This does not apply to /* */ comments.) This can lead to unexpected results. For example, take this line:

<?php
  $file_contents 
= '<?php die(); ?>' . "\n";
?>

If you try to remove it by turning it into a comment, you get this:

<?php
//  $file_contents  = '<?php die(); ?>' . "\n";
?>

Which results in ' . "\n"; (and whatever is in the lines following it) to be output to your HTML page.

The cure is to either comment it out using /* */ tags, or re-write the line as:

<?php
  $file_contents 
= '<' . '?php die(); ?' . '>' . "\n";
?>
up
9
anisgazig at gmail dot com
1 year ago
Version of  7.0.0,3 tags are available in php.
1.long form tag (<?php ?>)
2.short echo tag(<?= ?>)
3.short_open_tag(? ?)
You can use short_open_tag when you start xml with php.
up
35
sgurukrupa at gmail dot com
6 years ago
Although not specifically pointed out in the main text, escaping from HTML also applies to other control statements:

<?php for ($i = 0; $i < 5; ++$i): ?>
Hello, there!
<?php endfor; ?>

When the above code snippet is executed we get the following output:

Hello, there!
Hello, there!
Hello, there!
Hello, there!
up
26
snor_007 at hotmail dot com
10 years ago
Playing around with different open and close tags I discovered you can actually mix different style open/close tags

some examples

<%
//your php code here
?>

or

<script language="php">
//php code here
%>
up
1
anisgazig at gmail dot com
1 month ago
In php there are 3 types of comments
1.single line c++ style comment(//)
2.single line Unix shell stype comment(#)
3.multi line c style comment(/*/)

single or multi line comment comes to the end of the line or come first to the current block of php code.

HTML code will be printed after //...?> or #...?>
closing tag breaks the php mode and return to html mode.

different comments in different tags:
===================================
<H1>Standard tag: <?php //echo " standard tag"; ?>single line c++ style comment</H1>
<p>The header above will break php mode and return html mode and show  'Standard tag:single line c++ style comment'</p>

<H1>Standard tag: <?php # echo " standard tag"; ?>single line unix shell style comment</H1>
<p>The header above will break php mode and return html mode and show  'Standard tag:single line unix shell style comment'</p>

<H1>Standard tag: <?php /*echo " standard tag"; */?>multi line c style comment</H1>
<p>The header above will break php mode and return html mode and show  'Standard tag:multi line c style comment'</p>

  <H1>short echo tag: <?= // " short echo tag"; ?>single line c++ style comment</H1>
<p>The header above will break php mode show a unexpected syntex error'</p>

  <H1>short echo tag: <?= #  " short echo tag"; ?>single line c++ style comment</H1>
<p>The header above will break php mode show a unexpected syntex error'</p>

  <H1>short echo tag: <?= /*echo " short echo tag"*/ ; ?>multiple  line c style comment</H1>
<p>The header above will break php mode show a unexpected syntex error'</p>

<H1>Short tag: <? //echo " short tag";?>single line c++ style comment</H1>
<p>The header above will break php mode and return html mode and show  'Short tag:single line c++ style comment'</p>

  <H1>Short tag: <? #echo " short tag";?>single line unix shell style comment</H1>
<p>The header above will break php mode and return html mode and show  'Short tag:single line unix shell style comment'</p>

   <H1>Short tag: <? /* echo " short tag";*/?>multi line c style comment</H1>
<p>The header above will break php mode and return html mode and show  'Short tag:multi line c style comment'</p>

    <H1>Script tag: <script language="php"> // echo " script tag";</script>single line c++ style comment</H1>
<p>The header above will break php mode and return html mode and show  'Script tag:single line c++ style comment'</p>

    <H1>Script tag: <script language="php"> /* echo " script tag";*/</script>multi line c style comment</H1>
<p>The header above will break php mode and return html mode and show  'Script tag:multi line c style comment'</p>

    <H1>Script tag: <script language="php"> # echo " script tag";</script>single line unix shell style comment</H1>
<p>The header above will not break php mode </p>
up
1
anisgazig.com
1 month ago
<p>This is ignore by the php parser and displayed by the browser </p>

<?php echo "While this is going to be parsed"; ?>

<?php

when php interpreter hits the closing tag it start to outputing everything whatever it finds until it hit another opening tag
.If php interpreter find a conditional statement in the middle of a block then php interpreter decided which block skip 

Advanced escaping using conditions

 
<?php $a = 10; if($a<100): ?>
  This conditional block is executed
  <?php else: ?>
      otherwise this will be executed
      <?php endif; ?>

In php 5 version,there are 5 opening and closing tags.
1.<?php echo "standard long form php tag and if you use xml with php this tag will be use";?>

2.<?= "short echo tag and alwayes available from 5.4.0";?>

3.<? echo "short open tag which is available if short_open_tag is enable in php ini configuration file directive or php was configured with --enable-short-tags.This tag has discoursed from php 7.If you want to use xml with php,then short_open_tag in php ini will be disabled";?>

4.<script language="php">
echo "Some editor do not like processing the code within this tag and this tag is removed from php 7.0.0 version";

</script>

5.<% echo "asp style tag and asp_tags should be enabled but now php 7.0.0 version,this tag is removed";%>
up
-1
Emil Cataranciuc
2 years ago
"<script language="php"> </script>, are always available." since PHP 7.0.0 is no longer true. These are removed along the ASP "<%, %>, <%=" tags.
up
-7
mike at clove dot com
9 years ago
It's possible to write code to create php escapes which can be processed later by substituting \x3f for '?' - as in echo "<\x3fphp echo 'foo'; \x3f>";

This is useful for creating a template parser which later is rendered by PHP.
up
-51
admin at furutsuzeru dot net
11 years ago
These methods are just messy. Short-opening tags and ASP-styled tags are not always enabled on servers. The <script language="php"></script> alternative is just out there. You should just use the traditional tag opening:

<?php?>

Coding islands, for example:

<?php
$me
'Pyornide';
?>
<?=$me
;?> is happy.
<?php
$me
= strtoupper($me);
?>
<?=$me
;?> is happier.

Lead to something along the lines of messy code. Writing your application like this can just prove to be more of an
inconvenience when it comes to maintenance.

If you have to deal chunks of HTML, then consider having a templating system do the job for you. It is a poor idea to rely on the coding islands method as a template system in any way, and for reasons listed above.
To Top