프레임 워크에서 프레임 워크 없음으로 전환

프레임 워크에서 프레임 워크 없음으로 전환

---

취미로 약 8 년 동안 PHP로 개발해 왔습니다. 2009 년에 저는 codeigniter를 선택했고 그 이후로 단일 프로젝트를 개발하지 못했습니다.

순수 PHP로 작업하는 경우 알거나 빠르게 스 니펫을 찾을 수있을 때 원하는 방식으로 작동하도록 수정하는 방법을 찾는 속도가 느려집니다.

CodeIgniter, Kohana 및 Symfony를 사용해 보았습니다. 저는 사용의 용이함을 좋아합니다 (그리고 데이터베이스 작업 속도를 크게 높여주는 ORM으로 교리를 사용하기 시작했습니다).하지만 프로젝트가 순수 PHP에서 소요 된 시간보다 3 ~ 4 배 더 걸리는 시간을 발견했습니다. 이전에 순수 PHP에서 해결 한 문제에 대한 해결책을 찾을 수 없을 때 지루하고 좌절합니다.

프레임 워크 사용에서 프레임 워크없는 접근 방식으로 되돌아 간 사람이 있습니까? 기본 보안 프레임 워크와 같은 것이 있습니까 (XSS 방지, 게시 된 데이터 필터링, 데이터베이스 사용을위한 정리 기능 제공)? 그런 것이 풀 스케일 프레임 워크보다 훨씬 더 많은 혜택을 줄 것이라고 생각합니다. 프레임 워크로 작업하는 법을 배워서 많은 것을 배웠다고 생각하지만, 내 코드로 작업하는 것이 더 행복 할 것입니다.

---

현재 버전의 PHP5에는 표준 라이브러리의 일부로 찾고있는 많은 보안 프레임 워크가 포함되어 있습니다.

• filter_input_array 를 사용 하여 외부에서 들어오는 항목 을 선언적으로 삭제합니다.
• SQL 주입 공격을 방지하기 위해 매개 변수화 된 SQL 로 PDO 를 통해 데이터베이스에 액세스합니다 .
• 다음 PHP 설정을 사용하여 사이트가 세션 고정 및 쿠키 도난에 대해 더 내성을 갖도록하십시오.
  • session.use_only_cookies (세션 토큰이 URL로 유출되는 것을 방지)
  • session.cookie_httponly 또는 session_set_cookie_params ()httponly 속성 ( 호환되는 브라우저에서 세션 쿠키를 읽는 스크립트로부터 보호)
  • 더 많은 제안과 PHP 예제 코드는 Wikipedia에서 볼 수 있습니다 .
  • setcookie ()httponly 와 함께 속성을 사용할 수도 있습니다 .
• 새로운 HTTP 및 HTML5 기능에는 기본 템플릿 및 헤더 설정 보다 더 멋진 것이 필요하지 않습니다.
  • HTTP Strict Transport Security (WiFi 악용으로부터 보호합니다.)
  • X-Frame-Options (페이지 삽입 제한. 피싱 방지)
  • HTML5 IFrame Sandbox 속성 (샌드 박스 타사 광고 / 배지 / 동영상. 이미 WebKit에 있습니다. Firefox 11에서 적어도 부분적으로 구현 될 가능성이 있습니다.)
  • 콘텐츠 보안 정책 (샌드 박스 속성을 보완하는 파이어 폭스 4의 새로운 보안 프레임 워크. 현재 Chrome 에서도 구현 되고 있습니다.)

HTML을 입력으로 받아들이는 경우 HTML Purifier를 잡고 filter_input_array 설정에서 FILTER_CALLBACK 줄을 통해 호출하는 것이 좋습니다 . 입력 보안에 대한 화이트리스트 기반 접근 방식은 XSS에 대한 훌륭하고 강력한 첫 번째 방어선을 만듭니다.

내가 말할 수있는 한, PHP는 교차 사이트 요청 위조 로부터 보호하기위한 메커니즘을 제공하지 않지만 Google이 당신을 도울 수 있다고 확신합니다. OWASP 보안 cheatsheet를은 당신이 당신의 자신의 보호를 구현하려는 경우에 대한 섹션을 포함한다.

호기심 때문에 독립 실행 형 구성 요소도 살펴보기로 결정했으며 지금까지 찾은 내용은 다음과 같습니다.

템플릿 :

• PHP 템플릿 상속 (일반 PHP와 템플릿 상속)
• TWIG (Django / Jinja2 / 자동 이스케이프 및 샌드 박싱을 포함한 Liquid 스타일 구문. 속도를 위해 캐시 된 PHP로 컴파일됩니다.)
• Dwoo ( Smarty 의 더 빠르고 기능이 뛰어난 PHP5 버전의 후속 제품 입니다. 기존 Smarty 템플릿에 대한 호환성 시스템을 포함합니다.)

Stuff I still haven't looked into properly:

• Route dispatching (Only found RouteMap and Net_URL_Mapper so far. Thanks, cweiske.)
• ORM (Just in case bare PDO isn't your thing)

---

I don't believe in frameworks... I have worked in many of them.

Reasons for hating MVC frameworks:

1) Code bloat, I purchase premium classes that assist me in development. Such as form classes or SQL classes.

2) I believe that MVC frameworks are not easily portable especially when using dependency managers.

3) I believe that you actually write more code with a MVC framework then if you had to use a boilerplate with a ton of useful classes that handle authentication etc.

4) Most frameworks also cater for just one or two databases natively.

I would suggest finding a form framework with authentication and text editor & a sql framework like madoo + a email class...

90% of your application is always forms , sql & ajax CLASSES - the rest can just be acquired when needed

I am a minimalist and I struggle with the idea of having code in my application that is not doing anything ... just in case I need it does not work for me.

---

Based on your statement that you've been using PHP as a hobby, as well as your profile statement "Slowly getting there", this seems like a learning curve issue. You don't appear to have the depth and breadth of experience to a) understand how to work within the structure that the framework imposes and b) you are thus unable to benefit from the efficiencies that the framework enables.

I urge you to stick with it. Go back to the beginning with the video tutorials. Find and read other peoples code until you understand it. Build your projects from the bottom up - start simply, and add functionality. Follow the forums, trying to answer questions yourself before reading replies.

I've been programming professionally for almost 20 years, across a variety of platforms, and it still took me a while to become comfortable with CI. But now that I am, I wouldn't go back to pure PHP (for my own projects) unless I had a site of sufficient scale that it exposed quantifiable performance issues (think Twitter).

---

With that much experience behind you, you must have your own set of favorite libraries, hand pick them and come up with your own simple framework. Framework or no framework (and which one at that) depends on the kind of project at hand, no glove fits all. So i would strongly suggest that if you feel that the existing frameworks are slowing you down, spend sometime and come up with a framework which works as per your needs.

---

Zend Framework is really super for that. You can use as much or as little as you want. Its all coded in php and open sourced so you can just hack at it and make it your own. The different component are not dependant on eachothers as much as in other frameworks.

You could build yourself a simple framework using some components from Zend without any problems.

Check it out!

---

I Know exactly the way you feel. I started 4~5 years ago in PHP (I came from Delphi, lol), and started in pure php. What I had back them was a "CMS Panel like" wich just read all tables fields and create the form. After sometime I reached somehow in the knowledge of PHP Frameworks, I tried CakePHP for first and didn't liked, after, got into Yii wich in my opinion is pretty intuitive and easy-use (With it's Gii generator it rocks pretty much). I Tried Symfony, ZF2, Laravel, Yii2-Beta and some frameworks for RAD, but still I wasn't feeling fast enough like before the frameworks.

Happened that I developed my own framework (It was naturally, not exactly that I woke up some day and said "I'm going to create a new framework", happened with the time) . I Know it's a bad bad bad practice and "wheel reinvention" move, BUT, I now develop my projects much faster (more than PHP only).

Since it's code is a total MESS, I started about one month ago to reformulating my framework, now it uses composer, follows common rules that exists between the php frameworks, is MVC.

Why I'm reformulating ? Because if someone needs to repair a project of mine it will not be a another world thing.

So I Understand you.

My Advice is, prepare your tools (call it a framework, a preset-app or whatever people names it), and use it the way you feel better, but still follow some common rules (Like MVC, "easy to module" things wich you can replace in case of broken.

---

For basic security, I use a custom filter method that wraps up my superglobals. Its syntax needs some getting used to, but is simpler than the PHP filter_var() API and doesn't let you slip sanitization:

 $_GET->text("inputvar") or $_POST->name["field"]

It also allowed inline $_REQUEST->sql() escaping. But for database work keep using parameterized SQL, or your DAL/ORM of choice.

---

I did a one day study of ToroPHP and found it quite nice. It is a minimalist framework targetted to RESTful applications. This makes it possible to keep the server side code modular, without having to deal with bloat of any framework.

---

I don't know what is troubling you but codeigniter is a great framework.It has nice documentation and since lots of people use codeigniter you will find all the help in its documentation,or forum or on stackoverflow.I have worked on many frameworks (Codeigniter,CakePHP,Zend,Spring 3.0, Ruby on Rails),but I must say codeigniter has the best documentation.There are lot of things in codeigiter which are automatically handled and you don't have to worry about security. Working on core PHP is like re-inventing the wheel. Well the most important thing is that moving from a core to framework will need lots of your effort once you are used to it, you will start loving it.Also Ruby on rails is also a great framework once you know its ins and outs you can have double speed.

참고URL : https://stackoverflow.com/questions/3655145/going-from-a-framework-to-no-framework