Vaporware No More: Zend Framework Available

A preview release (v0.1.1) of the Zend Framework is now available, and, so far, I must say that all looks well.

The one thing that I’m a bit curious about is the apparent removal of the Active Record implementation, Zend_Db_DataObject. The documentation for this object exists in the Programmer’s Reference Guide (see also Zend_Db_DataObject.xml in Subversion tag release-0.1.1), but it’s nowhere to be found in the API. I wonder whether the implementation exists in a different form in Zend_Db, or was it scrapped altogether?

The Active Record implementation aside, one of the other features I was looking forward to was the Zend_InputFilter framework. I know that Chris will undoubtedly write much more about this, but I wanted to point out one very cool feature: the strict mode.

The strict mode works like this: you pass an array of tainted data (let’s say the $_POST array) to Zend_InputFilter to create a new object to access the data in a safe manner, and, then, by default, $_POST is set to NULL for the remainder of the script – you simply cannot access the raw, tainted data from $_POST. Here’s an example:

$filterPost = new Zend_InputFilter($_POST);
$username = $filterPost->isAlpha('username');
var_dump($username); // will either contain the value of
// $_POST['username'] (if it contains only
// alphabetic characters) or FALSE
var_dump($_POST); // will print NULL

This strict mode could be very useful in an environment with a team of application developers. Just set auto_prepend_file in php.ini to load up a script that grabs all autoglobal variables ($_POST, $_GET, $_COOKIE, etc.) and stores them to Zend_InputFilter objects, and you never have to worry about your team accessing raw data – they must always use the Zend_InputFilter object to get to the data. (There is a getRaw() method of this object, but I’ll let Chris discuss it in more detail.)

Finally, lots of folks are already talking about this. Here are some links: