As a newbie, I have been advised to preferably use heredoc compared to too many nested codes (see Unexpected T_ELSE in php code).
But I can’t manage to understand if there is a significant difference between heredoc and nowdoc.
What would be the advantages for heredoc and nowdoc compared to the other one that would be important for a newbie to understand (i.e. not very minor advantages but important to understand for me).
Nowdocs are to single-quoted strings what heredocs are to double-quoted strings. A nowdoc is specified similarly to a heredoc, but no parsing is done inside a nowdoc. The construct is ideal for embedding PHP code or other large blocks of text without the need for escaping.
In other words:
$foo = 'bar'; $here = <<<HERE I'm here , $foo ! HERE; $now = <<<'NOW' I'm now , $foo ! NOW;
$here is “I’m here , bar !”, while
$now is “I’m now , $foo !”.
If you don’t need variable interpolation but need special characters like
$ inside your string, Nowdocs are easier to use. That’s all.
1. heredocs text behaves just like a double-quoted string, without the double quotes.
2. Quotes in a heredoc do not need to be escaped, but the escape codes \n linefeed,
\r carriage return,
\t horizontal tab, \v vertical tab, \e escape, \f form feed, \ backslash,\$ dollar sign,\” double-quote can still be used. Variables are expanded, but the same care must be taken when expressing complex variables inside a heredoc as with strings.
$myname='Tikku'; $heredoc_exmaple= <<<HEREDOC \n ,\r ,\t ,\r ,\v ,\e ,\f ,\ , \ ,$89 ,$ , $myname , ' , $myname , \" ,\' HEREDOC; echo $heredoc_exmaple; //OUTPUT \n ,\r , , ,\v ,\e , ,\ , \ ,$89 ,$ , Tikku , ' , $myname , \" ,\'
1. nowdocs text behaves just like a single-quoted string, without the single quotes.
2. Quotes in a nowdocs do not need to be escaped.Variables are not expanded in it.Advantage of nowdocs is embedding PHP code and escape codes without the need for escaping.
$myname='Tikku'; $nowdoc_exmaple= <<<'NOWDOC' \n ,\r ,\t ,\r ,\v ,\e ,\f ,\ , \ ,$89 ,$ , $myname , ' , $myname , \" ,\' NOWDOC; echo $nowdoc_exmaple; //OUTPUT \n ,\r ,\t ,\r ,\v ,\e ,\f ,\ , \ ,$89 ,$ , $myname , ' , $myname , \" ,\'
Syntax: A nowdoc is identified with the same <<< sequence used for heredocs, but the identifier which follows is enclosed in single quotes, e.g. <<<‘NOWDOC’. All the rules for heredoc identifiers also apply to nowdoc identifiers, especially those regarding the appearance of the closing identifier.
Nowdoc is great when you don’t want to deal with quoting and unquoting complex strings, since it won’t interpret any quotes and it won’t accept variables. As such, it’s well suited to manually displaying actual code snippets!
$username = '<script>alert(document.cookie.toString())</script>'; $insecure_example = <<<HERE I really like having my site exploited, $username HERE;
So don’t use HEREDOCS and NOWDOCS in the place of a proper templating approach or a templating engine.
Where-ever there is an interface between languages or technologies, you have to encode. php to sql? bind. php to html? encode. http to php?