92
seCure develoPment For mobIle APPs
HTML Templating Support
HTML templating is one of the primary ways to separate PHP from HTML and
help isolate output into the HTML. Two goals are achieved by this. e first is clear
separation of concerns, which makes maintenance easier. e second is that visual
inspection from a security standpoint is greatly improved, making it much easier to
identify both where are and what kind of context data is being output to.
PHP Heredoc e PHP heredoc is a built-in language construct that can be very
effective in separating PHP from HTML. An example looks like this:
$message = <<<ACTIVATIONEMAIL
Hello {$user},
Thanks for creating an account with us!
Your account has been created.
You can login as soon as you have activated ...