Matthew Weier O’Phinney wrote about using Zend_Form with models. His approach puts a form inside a model, which then uses the form to validate itself. While this idea is not bad, I find it upside down – I think the form should use the model to validate itself, not the other way around. But how would you utilize a …
Decoupling models from the database: Data Access Object pattern in PHP
Data Access Object pattern: It’s a pattern which abstracts the details of the storage mechanism – be it a relational database, OO database, an XML file or whatever. The advantage of this is that you can easily implement different methods to persist objects without having to rewrite parts of your code.
Reusable “generic” actions in Zend Framework
Sometimes you will need nearly the same functionality in many actions. This can lead to unnecessary code duplication if you aren’t careful, and there have been a couple of occasions on #zftalk where people have asked for a good practice to avoid this. There are several ways to deal with this, such as moving the code into a separate function, …
Thoughts on unit testing and application design
Here are some thoughts and observations regarding application design and unit testing in the quiz-project I recently wrote about. When I was writing the Amazing Programming Language Guessing Script, I didn’t first write any unit tests. Partially because I just wanted to test something quickly, partially because I didn’t think there was any point in doing it. When I later …
NetBeans 6.5 review
During the weekend, I tried out NetBeans 6.5 and its new PHP related functionality. I had earlier seen some quick shots of how the support was, and it seemed like a good contender for big names like Zend Studio. What features does NetBeans 6.5 have for PHP developers? How does it compare against Zend Studio for Eclipse?
CSRF protection revisited
Yesterday, I was talking on IRC with Tom Graham. He was looking for a way to protect GET requests against CSRF. I showed him my CSRF protection plugin, as it would be suitable for protecting GETs too with minor modifications. This got me thinking about what would be the best way to allow you to easily protect certain URLs with it, …
Improved Zend Framework package maker
Last month, I introduced the packageizer, which allowed you to choose a class from the Zend Framework and get it as a zip with its dependencies. Now, based on some feedback from users, I’ve improved the user interface of the tool: You can now select multiple items for inclusion in the package, and I’ve made it possible to get the …
Mix PHP and namespaces, get weirdness
In an interesting decision, the PHP devs have decided to use a backslash, \, as the namespace separator. This is a bit of a… curious… choice of character. They apparently had a long discussion about their choices, but really, couldn’t they just have used ::, as the manual showed for a while? It’s starting to feel like the fact that PHP …
How to CSRF protect all your forms
CSRF, or Cross-Site Request Forgery, is a vulnerability very common in websites. In short, it means that if you have your site at foo.com, an attacker at badguy.com can display a form similar to one of your site’s and make users on his site submit the form to your site, possibly without their knowledge. This can be dangerous, especially …
Zend Framework – good for beginners or not?
I’ve heard some inexperienced PHP programmers say that Zend Framework is confusing to them. Until today, I have agreed: Zend Framework has a lot of classes and some of them are quite complex (such as Zend_Form). But does that actually make it more difficult for inexperienced programmers than other frameworks?