PHPackages ayesh/phptemplate - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Templating & Views](/categories/templating) 4. / 5. ayesh/phptemplate AbandonedArchivedLibrary[Templating & Views](/categories/templating) ayesh/phptemplate ================= Lightweight, fast, and simple template engine that you write templates in PHP. v1.0.4(6y ago)9121[1 PRs](https://github.com/Ayesh/PHPTemplate/pulls)MITPHPPHP ^7.2 Since Oct 26Pushed 6y ago2 watchersCompare [ Source](https://github.com/Ayesh/PHPTemplate)[ Packagist](https://packagist.org/packages/ayesh/phptemplate)[ RSS](/packages/ayesh-phptemplate/feed)WikiDiscussions master Synced 3d ago READMEChangelog (1)Dependencies (2)Versions (8)Used By (0) PHPTemplate =========== [](#phptemplate) Lightweight, fast, and simple template engine that you write templates in PHP. [![Build Status](https://camo.githubusercontent.com/2cfa0dfbe0286f915f5b474669efe3c29cdb5cc3ac36912171e282eab3b2e7bf/68747470733a2f2f7472617669732d63692e6f72672f41796573682f50485054656d706c6174652e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/Ayesh/PHPTemplate) [![License](https://camo.githubusercontent.com/1d43781c48b5c71d4cdb6e7d0d0b0b61ddb8eec389d8cf9a24937f705094cabf/68747470733a2f2f706f7365722e707567782e6f72672f41796573682f50485054656d706c6174652f6c6963656e7365)](https://packagist.org/packages/ayesh/phptemplate) [![Latest Stable Version](https://camo.githubusercontent.com/d24ed3e40c452c2f5bffbdd6760a8e349a3b523ad48662e4af2f864620db8ea1/68747470733a2f2f706f7365722e707567782e6f72672f61796573682f70687074656d706c6174652f76657273696f6e)](https://packagist.org/packages/ayesh/phptemplate) [![SymfonyInsight](https://camo.githubusercontent.com/ec28741b6ce7e6e30e15110ae75dc4cfa4f07f332bf0879eacbfd5931bfcb5ff/68747470733a2f2f696e73696768742e73796d666f6e792e636f6d2f70726f6a656374732f39356336303630352d333437662d346261632d396536612d3432396364616462393465632f6d696e692e737667)](https://insight.symfony.com/projects/95c60605-347f-4bac-9e6a-429cdadb94ec) [![codecov](https://camo.githubusercontent.com/c515bd35128be183ab577d1510a8b9c3c52204887bfa7607011b2ab324ca4f53/68747470733a2f2f636f6465636f762e696f2f67682f41796573682f50485054656d706c6174652f6272616e63682f6d61737465722f67726170682f62616467652e737667)](https://codecov.io/gh/Ayesh/PHPTemplate) [![Scrutinizer Code Quality](https://camo.githubusercontent.com/d5eb9e9404ac0d2cf48fef8750ba4c930d2ffcb2d654624468f9b93a97c4a6d2/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f41796573682f50485054656d706c6174652f6261646765732f7175616c6974792d73636f72652e706e673f623d6d6173746572)](https://scrutinizer-ci.com/g/Ayesh/PHPTemplate/?branch=master) [![PHP versions](https://camo.githubusercontent.com/83cfd4711b5f319d7cdd18e8d09e4ddab1c5241e09f202d83c5c8818ca6b8eba/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5048502d253230253545372e322d3838393242462e737667 "PHP versions")](https://camo.githubusercontent.com/83cfd4711b5f319d7cdd18e8d09e4ddab1c5241e09f202d83c5c8818ca6b8eba/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f5048502d253230253545372e322d3838393242462e737667) [![Too many badges](https://camo.githubusercontent.com/aadaf5fc1f58bb564077e5397e6ae97055ed8d0dff536fd6ebac145ebb50d422/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f7374796c652d746f6f5f6d616e792d627269676874677265656e2e7376673f7374796c653d746f6f6d616e79266c6162656c3d626164676573)](https://github.com/Ayesh/phptemplate) PHPTemplate is a very simple and light weight template engine that you can write your templates in PHP, but still tries to help you write secure-by-default templates. It provides secure-by-default variable access, and a few helper methods that you will learn in 30 seconds and you are all set to use it! > **I wish we had more templating engines in PHP.** > > *-- No one | ever.* In its simplest form, you can throw in any PHP file, and its output will be returned. You can optionally pass additional variables that will be made accessible inside the template, and these variables will be sanitized by default to make it difficult to forget sanitizing any user input. #### Simple Example [](#simple-example) *Template file: `test-template.php`:* ``` Hello World ``` *How to use template:* ``` $template = new Ayesh\PHPTemplate\PHPTemplate('test-template.php'); // render(); // $contents will contain the contents of the `test-template.php` file. ``` #### Example with variables [](#example-with-variables) *Template file: `test-template.php`:* ``` Good morning Welcome to ``` *How to use template:* ``` $vars = [ 'name' => 'alert("xss!");', 'sitename' => 'PHPTemplate', ]; $template = new Ayesh\PHPTemplate\PHPTemplate('test-template.php'); $contents = $template->render($vars); ``` Within the template, the special `$v` variable will be available, and will contain all the variables you provided at the time you instantiated the `$template` object. Every time you access these variables, they will be sanitized by default. In the example above, note that the `$vars['name']` variable contains a JavaScript. If you do not sanitize this variable, it will be interpreted as JavaScript, making your site vulnerable to Cross Site Scripting attacks. However, PHPTemplate library sanitizes these variables by default, which gives the following output: ``` Good morning <script>alert("xss!");</script>, Welcome to PHPTemplate ``` The above snippet contains the HTML you used in the template file, but notice how the `$vars['name']` variable is sanitized to HTML entities. Browsers will *not* interpret this as JavaScript, and will instead print the literal characters `alert("xss!");`. When you print this to the browser, your users will see the following, **without the browser interpreting JavaScript**: > Good morning *`alert("xss!");`* > > Welcome to PHPTemplate In addition to HTML sanitizing, this library provides sanitation for URLs as well. Consider the following template: *Template file: `test-template.php`:* ```