Skip to navigation

malevolent design weblog

This blog is now defunct, but you can find more stuff over at my personal site

Faffing About With Frameworks

Over the past few months I’ve been evaluating server-side coding frameworks for use in malevole and a few other projects. Basically, a framework provides an extra layer of abstraction to make common tasks easier and let you write clearer code, but you generally pay a price in terms of performance, flexibility and dependencies, so it’s a choice you have to make with care.

If I was setting up a team of people to produce a series of larger projects I suspect I’d opt for the Python-based Django, but to avoid hosting/configuration hassles and command-line faff I decided to stick with PHP for now. Code Igniter seemed ideal, but within minutes of starting a proper test application there were problems: I found a few obvious bugs, then noticed awkward quirks and limitations. Although there’s a lot to like, it wasn’t quite right, and the other frameworks (Zend, CakePHP, etc.) seemed either immature or cumbersome.

So I finally embraced my Not-Invented-Here tendencies and created yet another MVCish framework, with the following must-haves:

  • Basic server requirements (PHP5 with minimal add-ons and common settings)
  • No code generation/scaffolding or command-line stuff
  • Clean and simple structure/syntax
  • Flexible URL handling
  • The ability to cache individual areas of the page
  • Inherent XSS protection by HTML-encoding all data passed to views (can override to pass markup)
  • Inherent CSRF protection by building checksums and expiry into forms
  • Inherent SQL injection protection by using parameterised queries (possibly add active record-type abstraction later)
  • Forced vetting of GET/POST/cookie inputs
  • Streamlined form validation
  • Full UTF8 support

After a couple of days’ work here’s how the malevole home page controller code ended up:

class home extends Controller
  function index()
    $pageData = array
      // title, description, etc.


    if (! $this->views->home->renderFromCache())
      $this->views->home->addParam('notes', $this->models->weblog->getLatestEntries());


The framework needs more work on form validation and sessions, but is otherwise complete and working really well. I doubt the world needs more PHP frameworks though, so it probably won’t get released.


Comments are now closed for this entry.