PHP: echo string with multiple variables

Disclaimer: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me): StackOverflow. Original URL: http://stackoverflow.com/questions/6529028/

Time: 2020-08-26 00:39:09  Source: igfitidea

Echo string with multiple variables

php html

Asked by CyberJunkie

All of the following commands work but which one is considered correct in terms of security, compatibility, speed, and other conventions?

//one
echo "$row->first_name $row->last_name <br />";

//two
echo $row->first_name . ' ' . $row->last_name .'<br />';

//three
echo $row->first_name;
echo $row->last_name;
echo '<br />';

Answered by drfranks3

Although not one of the styles you specified, I recommend using braces for echoing strings, mostly as a compatibility note.

echo "Welcome back, {$row->first_name} {$row->last_name}";

More information about this type of syntax can be found in PHP Strings.

Answered by deceze

There's absolutely no difference in terms of security among the choices you posted. I'd go for something along the lines of:

<p class="name"><?php echo htmlspecialchars("$row->first_name $row->last_name"); ?></p>
  • no <br />, they're not usually a good choice
  • do your styling in CSS using classes
  • escape output (security!!)
  • separate HTML from PHP values
  • minimal syntax
  • the speed difference won't matter
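
An added example, not part of the original thread: it shows that the echo styles discussed on this page produce identical output for the same data, and that the only security-relevant step is encoding the value with `htmlspecialchars()` when it is written into HTML. The `$row` values are constructed sample data, and `render_styles()` and `e()` are hypothetical helper names.

```php
<?php
// Constructed sample row: the name fields carry markup and quotes,
// as data that originated from user input might.
$row = (object) [
    'first_name' => '<b>Ann</b>',
    'last_name'  => 'O\'Neil & "Sons"',
];

// Build the name with each style from the question and the answers.
// The <br /> is left out, and style three echoes a space between the
// two fields so that all four results are directly comparable.
function render_styles(object $row): array
{
    ob_start();
    echo $row->first_name;
    echo ' ';
    echo $row->last_name;
    $separate = ob_get_clean();

    return [
        'interpolated' => "$row->first_name $row->last_name",
        'concatenated' => $row->first_name . ' ' . $row->last_name,
        'separate'     => $separate,
        'braces'       => "{$row->first_name} {$row->last_name}",
    ];
}

// Hypothetical helper: encode a value for HTML text or a quoted attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$outputs = render_styles($row);

// True when every style produced exactly the same string, i.e. the choice
// of echo syntax does not change what reaches the browser.
var_dump(count(array_unique($outputs)) === 1);

// Unencoded: the markup stored in the data is emitted as markup.
echo $outputs['interpolated'], PHP_EOL;

// Encoded at output time: the same data is emitted as inert text.
echo '<p class="name">', e($outputs['interpolated']), '</p>', PHP_EOL;
```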

Answered by icktoofay

All of them are fine as long as you have everything escaped/encoded properly. I'd go with the first one because it's the shortest and easiest to read.

Edit: I just did a small benchmark, and the second method is the slowest. The first method is the second-slowest. The third method is the fastest of the ones you posted, but the one Sinan suggested was about as performant.

Answered by Athlon1600

all of them are fine.

in terms of speed, the first option is probably the fastest but also the most annoying to read.. third one is just dumb.

I'd go with the second one because that's how I've seen it used in commercial php software

Answered by ajnatural

Number one is the best option, it is readable and most likely the fastest despite PHP having to parse for variables (compared to multiple concatenation). The SO Question here demonstrates how concatenation can slow you down. The third option is just plain unreadable, and relatively slow due to the concatenation at the end. None of them have any kind of security issues, and even the performance gains are really negligible - for this kind of thing your goal should be readability.

Answered by David

I would say that being more explicit is the best way to go. I would also expect it to take longer for PHP to parse 1 because it has to determine if the tokens are variables inside the string or just part of the string. I lean towards 2, but sometimes you may have to split your strings into new lines because of keeping things under something like 72 columns in keeping with code styling guidelines. What I would suggest is to look up different code style guides like the one for Zend (http://framework.zend.com/manual/en/coding-standard.coding-style.html).

Answered by Aleksey Korzun

As others have said, there is no difference in security, just speed/preference.

But one thing to add, don't escape output on the fly. It's better to filter it before it gets stored in the database (single request) than keep doing it for every single request in the future.