1

In pretty much every PHP page I have in netbeans, the end of the file usually ends with a closing PHP tag, ?>

If this tag is ever at the very end of the document, NetBeans shows a hint saying

Unnecessary Closing Delimiter

This doesn't seem to follow the general rule of closing tags throughout the rest of the document, why is it not needed at the end, and why does leaving it out not cause an 'Unexpected end of file' error?

Lee
  • 4,187
  • 6
  • 25
  • 71
  • 3
    Possible duplicate of [Why would one omit the close tag?](http://stackoverflow.com/questions/4410704/why-would-one-omit-the-close-tag) – Steve Aug 19 '16 at 11:02
  • Per the PHP manual `in some cases omitting it is helpful when using include or require, so unwanted whitespace will not occur at the end of files, and you will still be able to add headers to the response later. It is also handy if you use output buffering, and would not like to see added unwanted whitespace at the end of the parts generated by the included files.` - http://php.net/manual/en/language.basic-syntax.instruction-separation.php – chris85 Aug 19 '16 at 11:06

1 Answers1

2

Only exit PHP mode if you want to output something to the browser after the end of the script. Eg:

<?php
   do_something_function();
?>
<div> this is HTML </div>

If you don't intend to send anything else to the browser, closing ?> leaves open the possibility that you send some whitespace anyway, which could have some unintended effects. Eg. If the user wants to download a secret message, your script might be:

<?php
  //set headers for content type and size

  //send message
  echo $encrypted_msg;
?>
    (<< there is unintended white-space here)

Because you are sending some white-space after the closing ?>, what the browser will receive is not what's expected. The message is probably corrupt and decryption will fail.

Another, perhaps more typical example. Suppose your front end code makes an ajax request to the php script and expects to receive JSON encoded info. Here is the script:

<?php
  header('Content-type: application/json');
  echo json_encode(['name'=>'Dana']);
?>
  (<< white-space)

In Firefox, the whitespace at the end will case a 400 Bad Request error because it turns the server response into badly formed JSON.

A much harder to fix problem can occur if the white-space is not in the file you're actively writing, but in another included file. Consider this situation:

main.php

<?php
  include 'value.php';
  setcookie('pref_language', 'english'); //to remember user's preference
  echo $value;

value.php

<?php
  $value = 'Hi, this is value.php';
?>
  (<< white-space)

Even though the file you're coding (main.php) is well written, the code will fail because cookies and headers must be set before anything is sent to the browser and unfortunately, value.php is emitting white-space. This kind of error can be a nightmare to deal with if you have large programs that include many scripts.

From the manual: (credit to @chris85 for finding this so fast)

The closing tag of a PHP block at the end of a file is optional, and in some cases omitting it is helpful when using include or require, so unwanted whitespace will not occur at the end of files, and you will still be able to add headers to the response later.

BeetleJuice
  • 39,516
  • 19
  • 105
  • 165
  • Why is it optional? If it's amajor security flaw, why is it not compulsory to always do this? – Lee Aug 19 '16 at 11:18
  • @Lee It's optional because PHP has no way to know whether you intend to output more after `?>`; in fact a large percentage of scripts need to do it as in my first example. So it makes no sense to ban it altogether. Netbeans is just being a good IDE looking out for you. Don't close the tags unless you need to. – BeetleJuice Aug 19 '16 at 11:23
  • I don't think you understand the logic, regardless of if we intend to output more, it should be looking at what IS after the tag. If there's content there, then that's fine anyway, because it's not the end of the document. – Lee Aug 19 '16 at 11:25
  • @Lee Thing is; white-space *is* content. The interpreter can't tell whether you mean for it to be there so it wouldn't make sense to ban it. The best that can be done is to warn you in that situation because it's unusual to just output white-space. Since it's still valid markup though, that warning can't come from PHP itself. That's why you get it from your IDE – BeetleJuice Aug 19 '16 at 11:33