On Fri, Dec 16, 2011 at 11:53 PM, Eric Butera <eric.butera@xxxxxxxxx> wrote: > To all the people who responded to this thread: > It is 2011 - please stop writing code like this. > > To the OP: > I'm glad you're asking questions and realizing you're not happy with > your current abilities and suspect there's a better way. I've read > the replies in this thread and feel a bit let down. Use a templating > language - yes, I understand that is what php is for - but I won't go > into it. You should not be echoing, printing, or any other method of > concatenating html dealing with escaping quotes inside your php logic > code. Please separate your concerns. > > Not sure what that means? That's OK! If you want to move forward, > look up how modern frameworks deal with this issue using their views > or template views. You don't have to use a framework if you do not > want to, that's perfectly fine. If it works, it works. But in the > end, it the separation of logic and html is essential to code > maintenance. Eric, There are many posters to this list, and there exists a broad range of programming styles and abilities. I'll bet you're a competent programmer, and that you've worked hard to hone your craft. It takes passion and drive to improve one's skill set. However, I'd encourage you to focus that passion on the list in a way that facilitates the growth of those with questions whilst staying true to their current, specific needs. Frankly, every answer on the list could begin with the suggestion that they just use a framework. The list is here to help build up the entire skill set of PHP developers. Let's reexamine the original post: Hello all. > Can someone tell me which of the following is preferred and why? Use of the word "Which" implies that there were a closed set of options they wanted to consider, although we did offer some others, but they all stayed relatively true to his original options. > > echo "<a style='text-align:left;size:**14;font-weight:bold' > href='/mypage.php/$page_id'>$**page_name</a><br>"; > echo "<a style='text-align:left;size:**14;font-weight:bold' > href='/mypage.php/".$page_id."**'>".$page_name."</a><br>"; Simple. Please note there is no logic anywhere in this example. PHP is truly serving merely as a templating language here. So, while I agree with the general notion that logic should not be intermingled with markup, this particular example does not serve as the anti-pattern you suggest. Also, note that we aren't sure where the $page_id and $page_name variables are coming from. In instances where these are set manually within the script (like a view variables at the top of the page), there's no need to escape anything. That said, you're right, if the data is coming from somewhere else, escaping should happen, but there's not enough information to infer that, as you say, "You should not be echoing, printing, or any other method of concatenating html dealing with escaping quotes inside your php logic code." > > When I come across the above code in line 1, I have been changing it to > what you see in line 2 for no other reason than it delineates out better in > BBEdit. Is this just a preference choice or is one method better than the > other? The above statement suggests there's an existing codebase that was being worked through. In this light, the answers mostly focused on answering the OP's original question, realizing that this was existing code that he was refactoring lightly as he goes. This is not to say that I disagree with all that you said, as I actually developed my own framework that: - Cleanly separates PHP from HTML to avoid the intermingling of logic and presenation: http://nephtaliproject.com/documentation/markup/ - Automatically handles output escaping, input validation: http://nephtaliproject.com/documentation/examples/contact.php - And lots of other features that coincide with the general focus of your words. Given that work, I think it's fair to say that I do agree with several of your general points for web development overall. However, this question wasn't a big picture question on how to do web development with PHP. It was a simple question that was answered in a helpful, specific manner by several on the list. Adam -- Nephtali: A simple, flexible, fast, and security-focused PHP framework http://nephtaliproject.com