
I'm reading the following article on how to use htmlspecialchars() properly:

http://blog.astrumfutura.com/2012/03/a-hitchhikers-guide-to-cross-site-scripting-xss-in-php-part-1-how-not-to-use-htmlspecialchars-for-output-escaping/

In the article the following syntax is used as an example:

<?php header('Content-Type: text/html; charset=UTF-8'); ?>
<!DOCTYPE html>
<?php
$input = <<<INPUT
' onmouseover='alert(/Meow!/);
INPUT;
/**
 * NOTE: This is equivalent to using htmlspecialchars($input, ENT_COMPAT)
 */
$output = htmlspecialchars($input);
?>
<html>
<head>
<title>Single Quoted Attribute</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
    <div>
        <span title='<?php echo $output ?>'>
            What's that latin placeholder text again?
        </span>
    </div>
</body>
</html>

I am still pretty much a noob obviously and have never seen the <<

Just wondering if anyone could briefly explain what this syntax is meant to do. I'm trying to understand the article, but I sort of need to understand what this code is doing first.

Joe
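An added example (my code, not from the question or from the linked article) that reproduces the heredoc from the snippet above and shows why the article's bare htmlspecialchars() call leaves the single-quoted title attribute open while an explicit ENT_QUOTES call does not. renderTitle() is a helper invented for this example, and the "bare call equals ENT_COMPAT" claim assumes PHP before 8.1, where the default flags changed.

```php
<?php
// Added example, not from the question or the linked article. Reproduces the
// heredoc from the snippet and compares the bare htmlspecialchars() call
// (ENT_COMPAT on PHP < 8.1; PHP 8.1 changed the default to include ENT_QUOTES)
// with an explicit ENT_QUOTES call on the same payload.

// Heredoc: everything between the "<<<INPUT" line and the "INPUT;" line is the
// string. Variables would be interpolated as in a double-quoted string, and the
// newline just before the closing identifier is not part of the value.
$input = <<<INPUT
' onmouseover='alert(/Meow!/);
INPUT;
assert($input === "' onmouseover='alert(/Meow!/);");

// Nowdoc (quoted identifier): same idea, but nothing is interpolated, so a
// literal "$" survives. Useful for HTML or JavaScript test fixtures.
$nowdoc = <<<'INPUT'
' onmouseover='alert(/Meow!/); $notInterpolated
INPUT;
assert(strpos($nowdoc, '$notInterpolated') !== false);

/**
 * Hypothetical helper: render the article's <span title='...'> with the given
 * htmlspecialchars() flags and return the markup.
 */
function renderTitle(string $untrusted, int $flags): string
{
    $escaped = htmlspecialchars($untrusted, $flags, 'UTF-8');
    return "<span title='{$escaped}'>What's that latin placeholder text again?</span>";
}

// ENT_COMPAT escapes <, >, & and " but leaves ' alone, so the payload's first
// quote closes the title attribute and the rest becomes a live event handler.
$weak = renderTitle($input, ENT_COMPAT);
assert($weak === "<span title='' onmouseover='alert(/Meow!/);'>"
    . "What's that latin placeholder text again?</span>");

// ENT_QUOTES also turns ' into &#039; (ENT_HTML401 is the default doctype
// flag), so the whole payload stays inside the attribute as inert text.
$safe = renderTitle($input, ENT_QUOTES);
assert($safe === "<span title='&#039; onmouseover=&#039;alert(/Meow!/);'>"
    . "What's that latin placeholder text again?</span>");

echo $weak, PHP_EOL, $safe, PHP_EOL;
```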
    It's [a heredoc](http://www.php.net/manual/en/language.types.string.php#language.types.string.syntax.heredoc). – Chris Feb 04 '14 at 21:32
    ^-- Not to be confused with a "What's up Doc" ;-) – Funk Forty Niner Feb 04 '14 at 21:37
  • Thanks for the answers and sorry for the duplicate question. I know a bit about heredoc, but I've always seen it used as << – Joe Feb 04 '14 at 21:49
  • Should I delete this since it's a duplicate question or just leave it up? – Joe Feb 04 '14 at 21:51
  • @Joe, I'd leave it here. Now that it's been marked as a duplicate it links to the other question. If anybody searches using the terminology you used, they'll end up at the right place. – Chris Feb 04 '14 at 21:57
  • You can use (almost) anything you want, just as long as both match. It could even be `<< – Funk Forty Niner Feb 04 '14 at 22:03
  • Ok, I'll leave it up then. Thanks for your answers. – Joe Feb 05 '14 at 02:52

0 Answers