As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I'm an intermediate PHP developer with no experience building a large scale web application in this language (though I have in others, mainly Rails)...say I wanted to build a social networking site using PHP and MYSQL (preferably) with all the web 2.0 trimmings.
Where should I start? What sort of frameworks should I be looking at? Any up to date modern books that would outline something like this? Really anything for building a modern web app in PHP.
Ryan, there is a php framework called Elgg which is a php framework directed at social networking based applications.
A whole list of them:
Top 40 Free Open Source Social Networking Software
I suggest you have a look at the Yii Framework. It is very well-designed and was written with performance in mind. They've heavily focused on optimising their code for use in combination with an opcode cache like APC - no other framework has shown the same level of performance improvement when used with APC. Outside of performance, the framework also offers lots of built-in support for security (secure sessions with HMAC, SQL injection prevention, XSS prevention, etc.), forms, user input validation, caching, authentication/access control, and JQuery integration.
If you're an intermediate PHP programmer who is not experienced/confident enough to build your own framework, then Yii is a really good place to start as the code is very elegant and imho the programmer made some great design choices while writing the framework - simply reading through the Yii code makes for a great way to learn about how to design/write good PHP code.
Just my two cents...
Wikipedia has a comparison of various social network frameworks / software:
http://en.wikipedia.org/wiki/Comparison_of_social_networking_software
Several of them use PHP / MySQL.
I also saw this book on creating a social network in PHP:
Create a powerful and dynamic Social Networking website in PHP
What sort of frameworks should I be looking at?
Try a modern framework like Kohana or maybe something more engineered-OO like Zend Framework.
You also might want to consider a simple procedural framework instead of an OO framework. PHP does very, very well working at low levels.
Avoid Cake. It tries to be Rails-like, but not only do Rails idioms translate very poorly into PHP, Cake is stuck in the design era of PHP4.
People Pods may be what you're looking for. It's a PHP framework built with social networking in mind.
I'm actually doing this right now currently with Zend Framework, and it is working out fantastically well.. Zend is seriously powerful and scalable.
I've always hated doing all the initial work of creating login accounts and hashing passwords and putting stuff in place to manage SESSIONS, so moving forward with new work I plan on checking out an early revision of this project and simply forking it into whatever other site that requires logins.
I think the place to start is to really understand the fundamentals of HTTP and the tools PHP gives you for dealing with its stateless nature.
Beyond that, I would look into templating. Perhaps Smarty?
Finally, all of the normal MVC design patterns stuff apply equally to PHP, and there are lots of implementations if you'd like to use something off the shelf. You might want to check out Cake, if you need a framework.
Related
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 9 years ago.
I have heard a lot about PHP frameworks like ZEND, CodeIgniter,CakePhp etc and i am also well aware of some advantages of using it i.e. increased productivity,reduced errors etc but doesn't php framework make coding a complex process ? Doesn't coding without framework provides more flexibility ? Some people say you don't need any additional framework, as PHP is itself a framework.
So why there is so much usage of PHP framework ? Are frameworks really necessary in PHP?
This is a broad question and I think an important one. I am in the camp of NOT using frameworks unless absolutely necessary. The question is, when is it necessary?
First off, the thing that I think gave me this strange, allergic reaction to frameworks is that inexperienced coders want to use them for EVERYTHING, even tiny sites.... and it's bizarre. Maybe its through some need to make their resumes bigger by saying they've used codeigniter- but in my experience that doesn't make a damn bit of a difference. Hiring managers want SKILLSETS, not somebody that can read API documentation- which anyone can do. If you have working knowledge about program architecture and OOP principles, you're hired. If you don't, but you're a codeigniter ninja, .... eeehhhh.... ok?
Frameworks have their uses but I think when your mom wants to make a website for her bake sale then you can just slap a page together using a much lighter weight system. I don't sit in the camp of belief that you should include code "in case you need it". Over time, I have developed my own framework that is absolutely tiny, which is why every single web site or application I have ever built has ranked in the top 2% (though usually top 1%) of page load times in the world by google.
This is not to say they are bad- just don't go running off to use a framework because you want to put it on your resume- you're actually shooting yourself in the foot in the long run. Why? Because you won't spend time using the language itself, you'll spend time using the language of the framework. Take jQuery for instance- I avoided it for YEARS because it wasn't JAVASCRIPT. People scoffed at it- but now, when I go to a technical interview and I get asked (inevitably): "What is your experience level with jQuery", and I say "not much", and they for a second look surprised, but then I follow it up with "but I just wrote dependency injection via inversion of control in native JS yesterday"- I get hired ON THE SPOT.
Frameworks are great. Just ask yourself if you really need them. Particularly the question is: are the benefits of coding it yourself outweighed by the time benefits (don't forget about the learning curve of the platform) of the framework or not? On the one hand (non-framework approach), you learn a lot, and perhaps you take more time because you're working out your own kinks- but you learned a ton about the language itself (PHP in this case). On the other hand, you learned a new framework and maybe got a site up quicker that most likely is slower.
Wordpress is a great example of an overused framework in my opinion. Back in my freelancing days I used to take on gigs that needed me to "revamp a wordpress site"- only to find a site that could barely load because somebody plugged in every plugin they could find and made what was a stupid simple site into a tank with ungreased treads. It's OVERKILL in that case.
With my experience in CTO and Tech Lead positions, when somebody puts Wordpress and jQuery as primary points on their resume, to me that says "I don't know a thing about OOP and how to use these languages if required" which, in the real world (and I work on huge projects like windows 8 and other projects of that magnitude) - is OFTEN the case. Microsoft expressly forbids the usage of jQuery in their metro app system for MS released products because they want to show off their system dependency free.
Other companies, however, DO use frameworks. I just got off a project using Foundation and it was AWESOME- but that's because the architect of the project fully researched the framework and we used it RIGHT. The result was a fully responsive pristine code base that went from full monitor glory down to triscuit-sized smartphone screen awesomeness.
IN SHORT:
Frameworks, when used right, can be awesome- particularly for large projects (and I'm talking enterprise large). For smaller projects they aren't necessarily bad- but when they are used without thinking about their implementations, its like using a hatchet for a scalpel.
Just my 2 cents.
Doesn't php framework make coding a complex process?
It depends what you want to do. If all you're doing is creating a basic contact form for a site that is all static HTML, then yes using a framework would make it a more complex process. On the other hand if you're building a large scale app then using a framework would not necessarily make it more complex.
Doesn't coding without framework provides more flexibility ?
This depends on the framework itself, they aren't all the same. Some frameworks such as Slim or Codeigniter are very trimmed down and don't get in the way too much and so don't really impact on flexibility, some are more complex such as Symfony2/Zend.
Some people say you don't need any additional framework, as PHP is itself a framework.
They are right, you technically don't need a framework, you can do anything with plain PHP that you can do with a framework. Frameworks have really evolved from developers personal archives of functions and helper code. PHP can be relatively low level in that it doesn't have a ready made function to do everything you need. Before frameworks, developers tended to have their own set of helper code that would be reused on many projects. Frameworks are still essentially that, except they are collaborative projects that hundreds or thousands of developers contribute to.
One other benefit of frameworks is if you have several developers, and one has developed an application and you want another developer to contribute to it or take over it, then if the developer is familiar with the framework that was used he can get up to speed on the app much quicker than if it was written in plain PHP. Without the framework, the new developer would have to decipher the previous developers system before they even start to look at adding any new functionality.
Are they necessary in PHP?
No they are not, sure it is possible to code anything without frameworks. But it's more work, this is like: Why am I using C when I can do all the same by writing assembler?
So why there is so much usage of PHP framework?
The benefits of using frameworks is, that you can use many predefined things. For example, in most PHP frameworks you can use MVC Pattern. Sure you could also build your own MVC structure with flat PHP, but that is like re-inventing the wheel everytime again. Only thing is, if you have very specific requirements, you may can/should not use a framework, but in most cases the requirements are not that specific.
The point with MVC is only one of a lot benefits. Depending on the framework you want to use, there are specific benefits.
So, it is just like you said. By using a framework you can save time, because you don't have to re-invent everything that already exists.
You can see a framwork as a tool, that helps you to develop better and faster.
Edit: Like Ayesh K mentioned in his comment, it is also a benefits, that a framework is developed by many experts, so it normally is better code, following the principle: 'Four eyes see more than two'.
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I'm trying to choose a framework that provides really good security of web applications, protects against as much of OWASP Top-10 as possible, such as:
Sql Injection
XSS
CSRF
Authentication
Authorization
etc.
the thing is I've tried researching really heavily:
Cakephp, Zend, Yii, Code Igniter, Kohana and some have basic authentication, maybe a little authorization, but nothing for any application that needs solid code-security.
Is most of the vulnerability types above currently secured by only writing custom code in these frameworks?
This is kinda my first experience with using frameworks, everything up til this point has been custom php web apps. My whole thought for php-frameworks was it was going to be easy to protect against these vulnerabilities, given it isn't natively, why use one? Or is there a framework out there I'm not looking at which is better than those listed above for strong web app security? Thanks
Security cannot be applied to an application like some veneer. Each kind of a security problem is dealt with in some other way, and most of PHP frameworks provide tools to write secure code:
Fighting HTML injection / XSS requires the use of a template engine
(like Twig) that escapes values by default or a component-driven
approach to displaying HTML. No framework
will help you, if you allow people to upload their files and have
them served from your own domain (you have to use a separate domain
for that);
You can avoid SQL injection by using db helpers that escape query
parameters; each framework you mentioned provides those (and of
course you can use plain PDO);
You can fight CSRF by using session-bound tokens. Each framework
offers some solution. In each case, however, you have to assist the
framework in some way (by adding a token to each form or by using a
form abstraction provided by the framework).
So in a way - yes, you have to think about security. I don't think any PHP framework could do anything more that they already do, unless there is a major paradigm shift that lets us design applications by dragging colorful boxes across the screen, not touching dirty, insecure things like HTML or SQL. What kind of support would you expect?
I'd also say try CodeIgniter.
Sql-Injection - If you use the active record pattern in CodeIgniter you're secure
XSS - It's a config value in config.php
CSRF - Also a config value in config.php
Login etc. - There are libraries for that like https://github.com/EllisLab/CodeIgniter/wiki/SimpleLoginSecure
Also CodeIgniter is easy to use if you're working with a framework for the first time and has a great user guide which is really easy to understand.
Edit: Since I'm still getting upvotes here in 2019, please check https://laravel.com/
The key vulnerabilities you mention happen in different and sometimes multiple layers and are often dependent on the context of what youre doing so a lot of them will offer the facilities to protect against this stuff but you have to make use of it.
For example both Symfony (1.x and 2) and Zend Framework have a form component/sub-framework that implments CSRF out of the box. But that doesnt mean its turned on by default (symfony's is... dont recall if zf's is or not). Same thing with XSS when we talk about the output escaping side in the view layer.
Now when it comes to framework preference for big apps i personally like Symfony 1.x and Symfony2, Zend Framework 1.x (not going to mention zf2 because i havent even played with it yet). For simple things i like Silex (based on Symfony Components).
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 11 years ago.
I have known PHP basics, functional programming for a long time before. But this year, in my 2nd semester I have learned Object-Oriented Programming with Java. So I want to apply my knowledge of OOP to PHP. But I find it very difficult to think of any decent utilization. It's not like in Java everything is an object. I see it easier to connect to database an old way, to write some simple functions for logging or registration, etc.
All those examples http://php.net/manual/en/language.oop5.php just gives me knowledge about syntax, not methodology of using it.
So I began to think. Maybe it's because I wanted to apply OOP without any Framework, and it's no use without it? If so - any Framework recommendations that are easy to learn?
OOP is a methodology used to organise your code into meaningful, reusable entities and it doesn't alone answer to the question of "how to best organize your code to create web applications".
Most of the web frameworks use Model-View-Controller architecture (MVC) along with OOP. In order to understand how web frameworks work, I suggest you to familiarize yourself with MVC as well (for a starting point, see "Coding Horror: Understanding Model-View-Controller")
Also, regardless of any frameworks, it is crucial to understand some basic concepts when creating web applications. At the minimum, familiarize yourself with how sessions work (http://www.php.net/manual/en/book.session.php), as well as how you can access databases (PDO for generic database connectivity, MySQL for MySQL-specific binding, etc.).
As for what web framework to choose, the options are plenty. Therefore consider the following pointers as informative:
Yii Framework has a pretty clean OOP-based design (http://www.yiiframework.com/)
Another popular object-oriented PHP framework is CakePHP (http://cakephp.org/)
For a more light-weight framework with less overhead, consider CodeIgniter (http://codeigniter.com/)
The de facto web framework for PHP is Zend (http://framework.zend.com/). Its huge, comprehensive, well-supported, but not always the perfect companion when travelling light.
Also note that if you organize your code according to MVC, you may find yourself most comfortable when not using any frameworks at all
Also note that unlike in Java, in PHP object-oriented features have been slowly added during its versions 4 and 5. Therefore, many web frameworks designed for earlier versions of PHP may not provide you as cleanly object-oriented design as you might want. Therefore when choosing a framework, consider whether you opt-in for backward-compatibility (PHP4 support) or are you seeking for a clean, object-oriented design in the framework (mostly PHP5 required).
OOP has its usage outside of a framework, you cannot compare apples with oranges.
The most respectable frameworks out there are written in OOP. So try to use one such framework in order to see use cases of OOP, then learn from that framework (step through with a debugger and learn how the framework works from the inside).
I would recommend you two things, if you really want to become a pro:
Zend Framework - not easy to learn, but it will show you lost of things from the next point:
a book about design patterns - VERY VERY IMPORTANT
Regarding the databases: modern PHP code should use PDO.
The framework will only show you usages of design patterns and how to organize your code, so you'll develop a "common sense" for it.
After you've passed that point, you will be able to invent your own OOP-world, without a framework (if this really needs be, although a framework gives you the time to actually be innovative).
You don't need to learn any PHP framework to start applying OOP principles. You can check out this fine answer to see some application of OOP without any framework.
Learning a framework is definitely a good choice, because then you can use lots of ready-made component. There are a lots of PHP frameworks nowadays. You can check out CakePHP, Zend (component-based), YII, Symphony (Yahoo uses it), CodeIgniter etc.
Hope this helps.
First of all, you don't need a framework to utilize OO style of programming in PHP; in matter of fact PHP has many core classes that use object oriented approach. For example take a look at PDO or the SPL.
Anyways concerning frameworks, there are various OOP-based frameworks out there, most which follow the MVC pattern. Some popular frameworks you might want to look into:
Zend Framework
CodeIgniter
Symfony
CakePHP
Zend Framework is very extensive, but the learning curve can be quite steep, but it's definitely worth the effort. If you want a good introductory MVC framework, I can recommend CodeIgniter; it's very lightweight and easy-to-use. Unfortunately I have no first-hand experience of Symfony or CakePHP (or other MVC frameworks).
You should use framework. Your code will be more easily edited by other developers if you do so.
Code Igniter is quite easy and basic, but you can check out Zend, Yii, Symphony and so on.
I recommend you Codeigniter framework to start with
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 12 years ago.
Now days most of PHP web development companies use PHP frameworks or open source products for developing websites but is that a right approach? If so but what will happen to the PHP programmer skill and knowledge?
Don’t you think using approaches such as “PHP frameworks or open source modification” will kill the programmer skill over the time? Is that really worth it a website developer becomes a better PHP framework writer instead of being a better PHP programmer?
I absolutely have to disagree here. When is started programming, it was PHP and I had no clue what I did. I wrote everything myself and had no will to even look at framework. I spend way too much time in work that repeated again and again.
Frameworks are one of the most useful tools IMO (not only web frameworks)
They speed up development in lots of ways
Looking at the sources, I learnt more about good practices, design decisions, directions to think to
Taking bits and pieces of the framework and use it in other apps where the use of a framework is not possible
They help you focus more on your work (MVC, DRY, KISS, ...) instead of fiddling around with the basic
Most established frameworks have a huge user-base and are very well tested.
I think looking at other code helps you be better and more efficient over time. SO is a very good example of this.
Using a framework doesn't make you a weaker programmer, otherwise I could argue you should write you next web app in assembeler, not much fun.
A framework should be thought of more like an extention to a language, a DSL if you like. For example CakePHP is just PHP with extra cool-stuff that makes handling databases and sessions "cake" - excuse the pun.
By using a framework you take the 'yuk' out of preogramming, and allow yourself to treat data as objects, for example.
If you still feel you shouldn't use a framework, then write one, then use it! By this reasoning you should also go and rewrite the PHP libraries and interpreter, however I don't recomend it.
In my opinion, I don't think frameworks "kills the skills" at all, instead it allows skills and more creative workflows to develop, which ultimately leads to enhanced skill. Also, the understanding of how large scale applications are developed are increased with effective use of well developed frameworks, which is definitely a big plus in the end too.
It allows applications to be developed more quickly and efficiently; and the end result is what matters. If you write PHP and don't know assembly, it doesn't mean you've lost your skill - you've simply focused on a higher level of technological progress in this modern age.
I think it's important to know some of the underlying concepts, such as creating and interacting with databases, OOP, design patterns. Frameworks can introduce you to these concepts without making you learn everything at once. They also have the advantage of several thousand hours of development time already invested, a community of testers and bug fixers, etc.
Anecdotally, you hear stories of people starting with a framework and slowly replacing parts of it as they optimize sections of their site. They distill the framework's operations down to their specific requirements. You can't take this route if you aren't a strong programmer.
Frameworks allow you to do work without reinventing the wheel. And the people working on this framework are probably a lot smarter than you, and they have spent a lot more time thinking about the code.
At the end of the day, it's about getting things done. Any given individual may be more productive with a third-party framework, or without. But a framework is the conclusion of any large project, whether you end up creating it yourself or you rely on the work of others.
To work on PHP based framework, you need to be a better PHP programmer.
so, your skill level will increase and it will not decrease...to tell with an example.
We can start writing all the program in assembly language, why do we use high level language...? If you find the answer for this, then you will get the answer for this problem too. :-)
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
In the jungle of frameworks out there, I've come to the conclusion that I cannot simply decide on a framework without considering the type of application / site I want to create. I think I need a little help with determining this one.
This site is graphics heavy, with all of the content presented in a small <div> in the centre of the page, surrounded by graphics. The graphics around it should preferably be loaded only once.
The site will allow users to log on with their account and choose from a number of pre-made food recipes, or create their own. Then they can press a button to have the site generate a week or two of dishes.
The users will need their own control panel where they can customize stuff as wallpaper, dishes, labels etc. As well as browsing recipes, adding ingredients, and looking up which dishes they can create with the ingredients.
As mentioned, all of this data is supposed to be presented inside a square in the centre, so we need a system of jQuery panels. I was thinking of dynamically adding content to this square as needed. For example, emptying the content and adding new content to it when clicking links, etc.
We don't need any community per se; the possibility for discussion can be explored in a separate, external site.
I should mention I am more of a designer than a programmer. I get stuff pretty easily, but fear I don't have the capacity to create a framework like this from the ground up. I do know a bit of Visual Basic, but I'm not so good with C# syntax. I've never even touched PHP, but my partner has. He's also somewhat familiar with Java.
Basically, we need a framework that's easy to understand and get up and running.
I rolled my own framework based on http://kissmvc.com/. It allows you to basically do what you need in PHP but gives you an easy MVC framework to do it in. You don't have to learn the specific syntax to Zend, Cake, Code Ingiter or Kohana, all of which I played with before I found kissmvc. Based on a blog post by Rasmus, it was all the direction I needed and I love what I have now for reasons #animuson mentioned.
Rasmus' post: http://toys.lerdorf.com/archives/38-The-no-framework-PHP-MVC-framework.html
From what you write, I would say all "big, famous" frameworks will be able to do this fairly "easy"... So You should really define a few prototype tasks and check out a few of the frameworks. You should be able to solve this using, CakePHP, Symfony, CodeIgniter, Yii, Zend, or any other framework, so it is better to do some real testing.
You might look for a framework that has a tight integration to jquery, but this should not be a showstopper, since you should be able to implement this in almost any framework.
You might also consider footprint and execution time, and find a framework that performes well and is not too cpu heavy (read Yii or CodeIgniter for instance).
Good luck in the search
Ultimately if you want it to fit your needs you need to build your own framework, otherwise there will always be limitations. Keep in mind that there is no framework that you can simply install and tell it to do these things, you are going to need programming knowledge of how the framework works in its entirety and how to program your custom pages to work with those features. I found it easier to just build my own framework. That way I always knew exactly what everything did and if I needed something additional, I could easily add it in the correct spot without doing much thinking on it.
A framework is only the base materials and functions you need. If you're looking for something like a pre-built website such as PHP-Nuke or a forum system, you're looking for a content management system, not a framework. A framework generally comes with absolutely no pre-built pages. Might I add that some content management systems do come with their own framework and some use existing frameworks from elsewhere.
So, we basically need a framework that's easy to understand and get up and running.
well as far as the above statement is concerned you may want to have a look at cakePHP framework.
You will easily find help on cakephp framework on stackoverflow and cakephp google group. Response will be quite fast on both the sites.
You will need to go deeply through the documentation of every framework that you plan to use because with a functionality that you are planning to built would require you to study the framework quite well.
With cakephp you will be able to create CRUD (create, update, delete) operations quite easily with less effort, but for further functionalities you will have to study it's documentation and keep your cool while you learn it :-)
I have always found plain php to be all the framework I need.
PHP itself has all the features provided by the other frameworks
A superb templating engine, database access, parsing, and control logic.
The great thing is all these features implemented in a single unified component called "php".
The main problem is you need discipline to separate presentation, navigation, busines logic and database/persistence handling. You can have sql statements mixed in with your html, you can emit html directly from an sql statement in fact you have complete freedom to implement all the known anti-patterns and invent some of your own.
The "Java" and "Perl" frameworks generally provide things like request handling, template handling etc. which are missing from the basic language, but, these features are built into php. Most of what the "php" based frameworks do is force you into (a very sensible) MVC design pattern and save you a tiny bit of coding.