Reputation: 22684
Echo string with multiple variables
All of the following commands work but which one is considered correct in terms of security, compatibility, speed, and other conventions?
//one
echo "$row->first_name $row->last_name <br />";
//two
echo $row->first_name . ' ' . $row->last_name .'<br />';
//three
echo $row->first_name;
echo $row->last_name;
echo '<br />';
Upvotes: 6
Views: 67878
Answers (7)
Reputation: 690
As others have said, there is no difference in security just speed/preference.
But one thing to add, don't escape output on the fly. It's better to filter it before it get stored in the database (single request) then keep doing it for every single request in the future.
Upvotes: 1
Reputation: 1674
I would say that being more explicit is the best way to go. I would also expect it to take longer for PHP to parse 1 because it has to determine if the tokens are variables inside the string or just part of the string. I lean towards 2, but sometimes you may have to split your strings into new lines because of keep things under something like 72 columns in keeping with code styling guidelines. What I would suggest is to look up different code style guides like the one for Zend (http://framework.zend.com/manual/en/coding-standard.coding-style.html).
Upvotes: 1
Reputation: 129139
All of them are fine as long as you have everything escaped/encoded properly. I'd go with the first one because it's the shortest and easiest to read.
Edit: I just did a small benchmark, and the second method is the slowest. The first method is the second-slowest. The third method is the fastest of the ones you posted, but the one Sinan suggested was about as performant.
Upvotes: 1
Reputation: 665
Although not one of the styles you specified, I recommend using braces for echo-ing strings, mostly on compatibility note.
echo "Welcome back, {$row->first_name} {$row->last_name}";
More information about this type of syntax can be found in PHP Strings.
Upvotes: 7
Reputation:
Number one is the best option, it is readable and most likely the fastest despite PHP having to parse for variables (compared to multiple concatenation). The SO Question here demonstrates how concatenation can slow you down. The third option is just plain unreadable, and relatively slow due to the concatenation at the end. None of them have any kind of security issues, and even the performance gains are really negligible - for this kind of thing your goal should be readability.
Upvotes: 1
Reputation: 73
all of them are fine.
in terms of speed, the first option is probably the fastest but also the most annoying to read.. third one is just dumb.
I'd go with the second one because that's how I've seen it used in commercial php software
Upvotes: 2
Reputation: 522625
There's absolutely no difference in terms of security among the choices you posted. I'd go for something along the lines of:
<p class="name"><?php echo htmlspecialchars("$row->first_name $row->last_name"); ?></p>
- no
<br />, they're not usually a good choice - do your styling in CSS using classes
- escape output (security!!)
- separate HTML from PHP values
- minimal syntax
- the speed difference won't matter
Upvotes: 4
Related Questions
- Print string with a php variable in it
- PHP echo variable and html together
- Mixing html and php variables inside an echo statement
- echo HTML with php variable
- How do you string a variable together along with a string in PHP?
- Insert Variable inside Echo
- String concatentation in html and echo statement
- Echo PHP variable with html formatting
- echo variable with HTML code within
- How to echo a variale in html (newbie)