Quantcast

Maximum PC

It is currently Thu Dec 25, 2014 2:29 pm

All times are UTC - 8 hours




Post new topic Reply to topic  [ 4 posts ] 
Author Message
 Post subject: insparsing HTML and PHP code together - security issues?
PostPosted: Thu Sep 09, 2010 12:25 pm 
Willamette
Willamette

Joined: Tue Feb 01, 2005 12:17 pm
Posts: 1495
Is there a security issue with maxing HTML code insode of a PHP script, like this...

----------------
<?php

<html>
<body>

<p>Hello!</p>

echo "<p>How are you</p>";

<p>I am doing fine.</p>

</body>
</html>

?>
------------------

versus something like this...

-------------
<?php
echo "<html>\n";
echo "<body>\n";
echo "<p>How are you</p>\n";
echo "<p>I am doing fine.</p>\n";
echo "</body>\n";
echo "</html>\n";
?>
---------------

Is the first or second method more secure, or does it not matter? Plus, which method would "execute" faster or get interpreted faster by the PHP parser?


Top
  Profile  
 
 Post subject: Re: insparsing HTML and PHP code together - security issues?
PostPosted: Fri Sep 10, 2010 9:17 am 
SON OF A GUN
SON OF A GUN
User avatar

Joined: Mon Nov 01, 2004 5:41 am
Posts: 11605
Other than the syntax you are using being wrong... no. It is how most is done.

Code:
<html>
<body>

<p>Hello!</p>

<?php
echo "<p>How are you</p>";
?>

<p>I am doing fine.</p>

</body>
</html>


Top
  Profile  
 
 Post subject: Re: insparsing HTML and PHP code together - security issues?
PostPosted: Fri Sep 10, 2010 9:43 am 
Bitchin' Fast 3D Z8000
Bitchin' Fast 3D Z8000
User avatar

Joined: Mon Jun 14, 2004 4:04 pm
Posts: 987
Location: Earth
cbassett01 wrote:
Is the first or second method more secure, or does it not matter? Plus, which method would "execute" faster or get interpreted faster by the PHP parser?


As Crash said, no, both are just fine. With regards to performance: if there were a difference, it would be negligible (near zero).

However, I would argue that the first method is more readable than the second. Why bother encapsulating HTML inside an echo statement when all you're doing is outputting HTML to begin with? Just print the HTML and don't worry about echo - only echo if you need to do something like:

Code:
<p>I am doing fine, but when I checked my weight this morning, I weighed <?php echo $weight; ?> lbs. </p>


Strive for readability, performance is negligible.


Top
  Profile  
 
 Post subject: Re: insparsing HTML and PHP code together - security issues?
PostPosted: Fri Sep 10, 2010 10:31 am 
SON OF A GUN
SON OF A GUN
User avatar

Joined: Mon Nov 01, 2004 5:41 am
Posts: 11605
Not to mention you have to type more with option 2 :)


Top
  Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 

All times are UTC - 8 hours


Who is online

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group

© 2014 Future US, Inc. All rights reserved.