A preview release of the Zend Framework is now available, and, so far, I must say that all looks well.
The one thing that I’m a bit curious about is the apparent removal of the Active Record implementation, Zend_Db_DataObject. The documentation for this object exists in the Programmer’s Reference Guide, but it’s nowhere to be found in the API. I wonder whether the implementation exists in a different form in Zend_Db or was scrapped altogether.
The Active Record implementation aside, one of the other features I was looking forward to was the Zend_InputFilter framework. I know that Chris will undoubtedly write much more about this, but I wanted to point out one very cool feature: the strict mode.
The strict mode works like this: you pass an array of tainted data (let’s say the $_POST array) to Zend_InputFilter to create a new object to access the data in a safe manner, and, then, by default, $_POST is set to NULL for the remainder of the script — you simply cannot access the raw, tainted data from $_POST. Here’s an example:
    $filterPost = new Zend_InputFilter($_POST);
    $username = $filterPost->isAlpha('username');
    var_dump($username); // will either contain the value of
                         // $_POST['username'] (if it contains only
                         // alphabetic characters) or FALSE
    var_dump($_POST);    // will print NULL
This strict mode could be very useful in an environment with a team of application developers. Just set php.ini to load up a script that grabs all autoglobal variables ($_COOKIE, etc.) and stores them to Zend_InputFilter objects, and you never have to worry about your team accessing raw data — they must always use the Zend_InputFilter object to get to the data. (There is a getRaw() method of this object, but I’ll let Chris discuss it in more detail.)
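The strict-mode pattern described above, sketched as an added example; this is not Zend Framework's code. The class name StrictInput and its internals are hypothetical stand-ins, the request data is constructed, and loading the wrapper through the `auto_prepend_file` php.ini directive is an assumption about how the prepend script would be wired up.

```php
<?php
// Illustrative stand-in for the strict-mode idea; NOT Zend Framework's code.
// StrictInput and its internals are hypothetical.
final class StrictInput
{
    private array $data;

    // Taking the source by reference lets the constructor null it out, so
    // later code cannot bypass the filter by reading the superglobal.
    public function __construct(?array &$source, bool $strict = true)
    {
        $this->data = $source ?? [];
        if ($strict) {
            $source = null;
        }
    }

    // Returns the value only if it is a non-empty alphabetic string,
    // otherwise false.
    public function isAlpha(string $key)
    {
        $value = $this->data[$key] ?? null;
        return (is_string($value) && ctype_alpha($value)) ? $value : false;
    }

    // Deliberate escape hatch: raw access must be requested by name, which
    // makes every unfiltered read easy to find in code review.
    public function getRaw(string $key)
    {
        return $this->data[$key] ?? null;
    }
}

// Constructed sample request, standing in for a real form submission.
$_POST = ['username' => 'alice', 'comment' => '<script>alert(1)</script>'];

// A prepend script (assumed to be loaded via auto_prepend_file) would wrap
// each superglobal once, before any application code runs.
$filterPost = new StrictInput($_POST);

var_dump($filterPost->isAlpha('username')); // passes the alphabetic check
var_dump($filterPost->isAlpha('comment'));  // rejected by the check
var_dump($_POST);                           // raw array is gone
```

Nulling `$_POST` does not clear `$_REQUEST`, which PHP populates as a separate copy, so a prepend script that relies on this pattern has to wrap or clear `$_REQUEST` as well.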
Finally, lots of folks are already talking about this. Here are some links: