Jump to content

Switching to a php framework

Recommended Posts

Hi, I have been a php and java server developer for around 10 to 11 years now. I have my own php framework that I have built up from scratch that I have put several years into by myself. I'm currently working on a website project that is expected to have a 800,000+ users. I'm considering abandoning my own framework for now and learning a framework that is developed by a team and progressively updated. I've read into quite a few CMS and Frameworks just trying to consider my options. Lately, I've been listening to some podcasts and they all claim to use wordpress. I have also been referred to it by a buddy of mine who manages a lot of the state and bank servers. I am very vanilla, and I don't like being limited by what I can develope. At the same time I really need for this site to be secure, and although I feel like I am very strict on security. I know my work isn't going to be better than a team of developers that devote all their time into it. At the same time.


I love programming projects vanilla, but I am a very busy person, so I don't get the time I would like to further develop my framework. I'm just curious if anyone else here has any thoughts or suggestions. Whether to use something simple such as wordpress, or cake php, laravel etc.


Part of me wants to stick with my own.. However, I cannot risk losing this client over security flaws I may not be aware of.

Link to post
Share on other sites

I guess to further give some knowledge on what my basic uses are with my framework. Currently my framework incorporate user accounts, business accounts, email accounts, easy implementation of self-applications and widgets into websites, newsletters, blogs, file uploads, account and business-based schedules, employee timeclocks, and recently a store application that can plugin to any of my websites with 3 lines of code, that handles store inventory, online selling through paypals new 2017 php-sdk.

If I switch to a framework or CMS  i would definately like to re-write a lot of these features into it so that it doesn't affect the current sites that I manage.

Link to post
Share on other sites

If security is your goal, then WordPress is the last thing you want. They have fundamental problems: The WordPress core is largely based on 90s technology, and they haven't even adopted the most basic security features. When you start using third-party modules, it gets even worse, because a lot of them are written by amateurs who have no idea what they're doing. Last but not least, developing for WordPress is just painful for anybody who knows modern PHP.


As to frameworks, Laravel is fine (I don't know much about CakePHP). However, learning a new framework does take time (especially when you're new to the MVC pattern), and you'll be bound to one particular architecture for a long time. So choose wisely. Make sure the framework works for you.


A less radical approach would be to only integrate particular components into your existing framework:

  • The template engine Twig was originally developed for the Symfony framework, but it can be used as a standalone library and supports auto-escaping to prevent many XSS vulnerabilities.
  • PDO is a standard PHP extension which allows you to implement secure queries.
  • The new Password Hash API makes it easy to protect user passwords.
  • There's a new random number API which you can use for your anti-CSRF tokens, password reset tokens etc.
  • Like 1
Link to post
Share on other sites

Thanks for your response Jac, I think I will continue on with my framework then and do as you suggested. I already use the last 3 options you suggested. I'm going to look into twig. I know Laravel prides them self on their coding etiquette, but I don't like the idea of being bound to someones development long term. I'm very OCD with how my code is presented and documented... anyways, I appreciate you taking the time to give me some encouragement and options.

Link to post
Share on other sites
This thread is more than a year old.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.