20 Feb 2007
Faffing About With Frameworks
Over the past few months I’ve been evaluating server-side coding frameworks for use in malevole and a few other projects. Basically, a framework provides an extra layer of abstraction to make common tasks easier and let you write clearer code, but you generally pay a price in terms of performance, flexibility and dependencies, so it’s a choice you have to make with care.
If I was setting up a team of people to produce a series of larger projects I suspect I’d opt for the Python-based Django, but to avoid hosting/configuration hassles and command-line faff I decided to stick with PHP for now. Code Igniter seemed ideal, but within minutes of starting a proper test application there were problems: I found a few obvious bugs, then noticed awkward quirks and limitations. Although there’s a lot to like, it wasn’t quite right, and the other frameworks (Zend, CakePHP, etc.) seemed either immature or cumbersome.
So I finally embraced my Not-Invented-Here tendencies and created yet another MVCish framework, with the following must-haves:
- Basic server requirements (PHP5 with minimal add-ons and common settings)
- No code generation/scaffolding or command-line stuff
- Clean and simple structure/syntax
- Flexible URL handling
- The ability to cache individual areas of the page
- Inherent XSS protection by HTML-encoding all data passed to views (can override to pass markup)
- Inherent CSRF protection by building checksums and expiry into forms
- Inherent SQL injection protection by using parameterised queries (possibly add active record-type abstraction later)
- Forced vetting of GET/POST/cookie inputs
- Streamlined form validation
- Full UTF8 support
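One way the "checksums and expiry" item in the list above could work, as an added example that is not the framework's own code: an HMAC over the session id, form name and expiry time, carried in a hidden form field. The function names, the token layout and the SECRET placeholder are assumptions.

```php
<?php
// Added illustration, not the framework's code. SECRET, issueToken() and
// verifyToken() are hypothetical names; the token layout is an assumption.
const SECRET = 'replace-with-a-long-random-server-side-key'; // placeholder

// Build the value for a hidden form field: expiry|nonce|checksum.
// The checksum binds the token to one session, one form and one expiry time.
function issueToken(string $sessionId, string $formName, int $ttl, ?int $now = null): string
{
    $expires = ($now ?? time()) + $ttl;
    $nonce   = bin2hex(random_bytes(8));
    $mac     = hash_hmac('sha256', "$sessionId|$formName|$expires|$nonce", SECRET);
    return "$expires|$nonce|$mac";
}

// Recompute the checksum on POST and reject forged, altered or stale tokens.
function verifyToken(string $token, string $sessionId, string $formName, ?int $now = null): bool
{
    $parts = explode('|', $token);
    if (count($parts) !== 3 || !ctype_digit($parts[0])) {
        return false;                          // malformed or missing field
    }
    [$expires, $nonce, $mac] = $parts;
    $expected = hash_hmac('sha256', "$sessionId|$formName|$expires|$nonce", SECRET);
    if (!hash_equals($expected, $mac)) {       // constant-time comparison
        return false;                          // wrong session, wrong form, or edited expiry
    }
    return ($now ?? time()) <= (int) $expires; // expiry is trusted only once the MAC matches
}

// Constructed demo values: a fixed clock and made-up session ids.
$t0    = 1172000000;
$token = issueToken('sess-alice', 'comment', 900, $t0);

var_dump(verifyToken($token, 'sess-alice', 'comment', $t0 + 60));   // same session, in time
var_dump(verifyToken($token, 'sess-other', 'comment', $t0 + 60));   // token replayed in another session
var_dump(verifyToken($token, 'sess-alice', 'delete', $t0 + 60));    // token reused on another form
var_dump(verifyToken($token, 'sess-alice', 'comment', $t0 + 901));  // lifetime exceeded
// Pushing the expiry forward by hand no longer matches the checksum.
$edited = ($t0 + 99999) . substr($token, strpos($token, '|'));
var_dump(verifyToken($edited, 'sess-alice', 'comment', $t0 + 901));
```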
After a couple of days’ work here’s how the malevole home page controller code ended up:
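<?php
// Controller for the malevole home page.
class home extends Controller
{
    function index()
    {
        $pageData = array
        (
            // title, description, etc.
        );

        $this->views->setContentType('text/html');
        $this->views->add('home');

        // Serve the cached copy if there is one; otherwise build the view and cache it.
        if (! $this->views->home->renderFromCache())
        {
            // Data passed to a view is HTML-encoded by the framework (see the list above).
            $this->views->home->addParams($pageData);
            $this->models->add('weblog');
            $this->views->home->addParam('notes', $this->models->weblog->getLatestEntries());
            $this->views->home->renderAndCache();
        }

        // Runs on every request, outside the cached area.
        Common::userDetails();
    }
}
?>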
The framework needs more work on form validation and sessions, but is otherwise complete and working really well. I doubt the world needs more PHP frameworks though, so it probably won’t get released.