On 24.07.2016 at 18:21, Thomas Bley wrote: >> <?* $str ?> >> >> instead of >> >> <?=h($str)?> > > benefits are using static code analyzers, grep "<?=" for code reviews, etc.
Well, something like `grep -P <\?=(?!h[(])` seems to be a viable alternative. > Having function names with single characters is bad taste and only useful for > obfuscating. Cryptic "operators", however, are not? > The big difference is: > With <?*, you have to define an escaping function, with <?= it's optional. But you still have to rember to use <?* instead of <?= and use the proper escaping function. Actually, I'm not really interested in discussing the current RFC (the discussion is already rather lengthy, and has started to go in circles long ago). I just wanted to give an explanation why I would vote against it. -- Christoph M. Becker -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
