I have a simple site to develop and would like to learn PHP as I go. I want the site to be secure, scalable, and easy to maintain. Should I learn a framework and PHP simultaneously? If I build off of a framework there will be lots of unfamiliar code in play. Would you say this increases security risks?
views:
273answers:
10Absolutely. Frameworks will do all the boilerplate code for you, providing you a higher level of abstraction. It will probably be easier for you to code without dealing with some of PHP's idiosyncrasies.
Any half decent framework will also address security issues, so if you are new to the language, chances are your app written on the framework will be safer than the one you write from scratch.
I think minimising the amount of custom code you are writing is probably a good thing if you are not confident in your ability to create secure systems (particularly for things like authentication). As a result, I think using a web framework in this way would be to your advantage. It will also allow you to familiarise yourself with the core of the langauge without worrying about peripheral concerns.
I have seen a few people (with a big previous OOP knowledge) to learn PHP and symfony simultaneously without difficulties.
In fact, moving from PHP from an object oriented language is just learn a few conceptual things and the syntax and API of PHP itself.
I wouldn't recommend starting with a framework to beginning developers. If you've got a lot of experience with other OOP languages, there shouldn't be a problem. But you should at least know the basics (syntax e.g.) before even thinking about using frameworks.
There's nothing about using a framework that will impede you learning PHP, and using an established framework will reduce the security risk, as you'll be dealing with well tested code for handling common tasks.
At the core of most of the PHP frameworks in play these days is this simple three step workflow
The URL is requested and routed through a central bootstrap index.php file
The URL name is used to derive a classname and a method name (and action method). This is your main entry point and where you start writing PHP to handle the request
At the end of this method, control is handed over to a view template, which has access to certain values you set in step two.
Pick a framework, learn how it does the above, and then write any kind of PHP you want in the action method and the view template.
Yes, there will be a lot of other PHP framework code in play, but you never have to look at it.
Yes, the framework will have a multitude of features and/or a "preferred" way for handling things, but you only need to use those you instantly understand.
When you start noticing patterns of ugly, boring, or insecure code, take a look at the framework features again. More often than not after "doing it wrong" you'll get insights as to why the framework code did something in a particular way and you'll be happy to hand off the responsibility (I'd say ActiveRecord style models vs. SQL code is a big one here)
As you start using the objet oriented systems the framework provides you'll start to get interested in how they're doing certain things, and then you can start poking at the core framework code.
In my opinion, there's nothing wrong with learning a framework at the same time as you are learning a language. There are already a fair amount of situations where this is the case by necessity. For example, most people learning Objective-C learn the Cocoa frameworks at the same time, most C# programmers will learn .Net along with it, even the JDK should be considered a framework which you learn along with the Java language. And for what it's worth, I learned the Symfony framework with very little PHP experience beforehand.
I would advice you to start with PHP turorial on w3schools.com. It is short and clear. You can learn all the necessary basics in one-two hours. In order to understand any framework you will need that. Then study the first and the second chapter from CakePHP cookbook and create your first CakePHP applications using their tutorials. On the rest I agree with Alan Storm.
Getting started with a framework in PHP, also depends on the fact whether you have some prior programming experience and if yes, what kind of.
If you have muddled in some other programming languages like java, c, learning a php framework simultaneously while creating your website might not be too difficult.
Almost all of the PHP frameworks you will encounter use the MVC design pattern - if you understand the basics of MVC, if you have implemented or have gist of design patterns in other programming languages, then it will be quite easy starting with PHP frameworks.
Also your choice of PHP framework will be the deciding factor. If you employ PHP frameworks like Codeigniter, Yii, maybe even CakePHP which have comparatively smaller learning curves, you will find your path wellpaved for you in PHP. Although if choose some framework like Symfony, Zend - you might get frustrated in taking too much time in doing simple things, in turn blowing up your project.
As for the part about security risk, all of the frameworks I mentioned above and some others I have not mentioned, have spent enough time on the stage to have squashed the security risks.
Hope this helps in deciding.
I would say it depends on your prior experience. It's not so much PHP itself, but the web server environment it lives in that can be distracting. If you're already familiar with the HTTP request lifecycle and have written web applications in a similar stateless fashion as you do with PHP, you shouldn't have a big problem jumping right into using a framework.
If you come from a "stateful" background or no background at all though, the abstractions a framework offers can become a problem. You should at least know how to handle sessions, cookies, headers, $_POST
and the like in plain PHP before having the details abstracted away from you by a framework. Also see this previous answer of mine.
Although I'm a fan of frameworks, I agree with some of the other comments above. Starting with a framework can be pretty confusing, especially if you're not experienced in the theory of Model View Controller (MVC) object oriented programming (OOP).
Truth be told, I've seen a lot more unfinished framework projects in my day than apps built without a framework. If your application is written with some clunky PHP and the application takes off, then you can hire the necessary resources to move to a framework and get it developed to withstand a lot of usage and utilize resources effectively.
My advice would be to master PHP first, then move to frameworks. My last note on this, many frameworks have flaws as well - so depending on your application needs, applying the wrong framework could drive it into the ground.
Just my 2 cents as a guy that has released a couple of enterprise apps successfully - without using a PHP framework.