Vaporware No More: Zend Framework Available
A preview release (v0.1.1) of the Zend Framework is now available, and, so far, I must say that all looks well.
The one thing that I’m a bit curious about is the apparent removal of the Active Record implementation, Zend_Db_DataObject. The documentation for this object exists in the Programmer’s Reference Guide (see also Zend_Db_DataObject.xml
in Subversion tag release-0.1.1
), but it’s nowhere to be found in the API. I wonder whether the implementation exists in a different form in Zend_Db, or was it scrapped altogether?
The Active Record implementation aside, one of the other features I was looking forward to was the Zend_InputFilter framework. I know that Chris will undoubtedly write much more about this, but I wanted to point out one very cool feature: the strict mode.
The strict mode works like this: you pass an array of tainted data (let’s say the $_POST
array) to Zend_InputFilter to create a new object to access the data in a safe manner, and, then, by default, $_POST
is set to NULL
for the remainder of the script – you simply cannot access the raw, tainted data from $_POST
. Here’s an example:
This strict mode could be very useful in an environment with a team of application developers. Just set auto_prepend_file
in php.ini
to load up a script that grabs all autoglobal variables ($_POST
, $_GET
, $_COOKIE
, etc.) and stores them to Zend_InputFilter objects, and you never have to worry about your team accessing raw data – they must always use the Zend_InputFilter object to get to the data. (There is a getRaw()
method of this object, but I’ll let Chris discuss it in more detail.)
Finally, lots of folks are already talking about this. Here are some links: