Advantages / inconveniences of heredoc vs nowdoc in php

别说谁变了你拦得住时间么 提交于 2019-11-27 18:29:13
deceze

Nowdocs are to single-quoted strings what heredocs are to double-quoted strings. A nowdoc is specified similarly to a heredoc, but no parsing is done inside a nowdoc. The construct is ideal for embedding PHP code or other large blocks of text without the need for escaping.

http://php.net/manual/en/language.types.string.php#language.types.string.syntax.nowdoc

In other words:

$foo = 'bar';

$here = <<<HERE
    I'm here , $foo !
HERE;

$now = <<<'NOW'
    I'm now , $foo !      
NOW;

$here is "I'm here , bar !", while $now is "I'm now , $foo !".

If you don't need variable interpolation but need special characters like $ inside your string, Nowdocs are easier to use. That's all.

heredocs
1. heredocs text behaves just like a double-quoted string, without the double quotes.
2. Quotes in a heredoc do not need to be escaped, but the escape codes \n linefeed,
\r carriage return, \t horizontal tab, \v vertical tab, \e escape, \f form feed, \ backslash,\$ dollar sign,\" double-quote
can still be used. Variables are expanded, but the same care must be taken when expressing complex variables inside a heredoc as with strings.

Example :

$myname='Tikku';
$heredoc_exmaple= <<<HEREDOC
\\n ,\\r ,\t ,\r ,\\v ,\\e ,\f ,\\ , \ ,$89 ,$ , $myname , ' , \$myname ,  \" ,\'
HEREDOC;
echo $heredoc_exmaple;

//OUTPUT \n ,\r ,   , ,\v ,\e , ,\ , \ ,$89 ,$ , Tikku , ' , $myname , \" ,\'

nowdocs
1. nowdocs text behaves just like a single-quoted string, without the single quotes.
2. Quotes in a nowdocs do not need to be escaped.Variables are not expanded in it.Advantage of nowdocs is embedding PHP code and escape codes without the need for escaping.

Example :

$myname='Tikku';
$nowdoc_exmaple= <<<'NOWDOC'
\\n ,\\r ,\t ,\r ,\\v ,\\e ,\f ,\\ , \ ,$89 ,$ , $myname  , ' , \$myname ,  \" ,\'
NOWDOC;

echo $nowdoc_exmaple;

//OUTPUT \\n ,\\r ,\t ,\r ,\\v ,\\e ,\f ,\\ , \ ,$89 ,$ , $myname , ' , \$myname , \" ,\'

Syntax: A nowdoc is identified with the same <<< sequence used for heredocs, but the identifier which follows is enclosed in single quotes, e.g. <<<'NOWDOC'. All the rules for heredoc identifiers also apply to nowdoc identifiers, especially those regarding the appearance of the closing identifier.

Nowdoc is great when you don't want to deal with quoting and unquoting complex strings, since it won't interpret any quotes and it won't accept variables. As such, it's well suited to manually displaying actual code snippets!

However, if you're using a mix of heredocs and nowdocs for blocks of string content, which is an easy temptation to fall into, you could easily run into XSS (cross site scripting) problems where-ever you use heredoc! As such, this approach is just not clean enough for me to recommend to a developer starting out in php! Instead, you should be trying to use templates (of whatever kind, or whatever template engine you like), for these large blocks of information. After all, you don't want html in your php, and you -certainly- don't want user-injected javascript, like:

$username = '<script>alert(document.cookie.toString())</script>';

$insecure_example = <<<HERE
    I really like having my site exploited, $username
HERE;

So don't use HEREDOCS and NOWDOCS in the place of a proper templating approach or a templating engine.

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!