CodeIgniter Getting Started Surprises

I’ve been looking into the CodeIgniter PHP framework (CI)  for a couple of weeks and want to document some of the surprises and caveats I have discovered. Coming from a non-framework background, I was surprised at how similar the CI conventions are to my own pseudo “framework” that I use on my projects – so I guess I must’ve been doing something right so far!

This is what i’ve learnt.

CI is backwards compatible with PHP4

Which, in my opinion is something they should rectify – ie. retire support in the next major release and move forward. From what I have read about CI vs Kohana (a CI fork), it seems that CI is sacrificing pretty autoloading simply because they remain backwards compatible.

Edit: This is actually incorrect, as of version 2.0.2 the minimum required version of PHP is 5.1.6. Thats to Dale for pointing this out in the comments.

The MVC structure is superb, however…

Alot of tutorials i’ve watched lean towards using helper functions within views, such as for forms. From a developer perspective thats fine, however you can imagine a designer having problems with form_open() when he wants to add a simple class or ID. The upside is that they are just helpers – if you don’t like them, don’t use them.

Speaking of functions

I was surprised to discover the folder full of procedural helper functions. This is nice in terms of using functions anywhere inside the application, although it does seem a little out of place in an OOP framework. It would be nice to see these converted into classes.

Default session security is awful

Usually a PHP session’s data is stored server side and only a small cookie is kept client side to track a user session. However in CI, the session data is stored client side, which means that a simple alteration in firebug later and you potentially just gave yourself admin privileges or discovered some other potentially sensitive information. It should be noted that an encryption key can be used to protect session alterations, but having to add 3rd party classes to do conventional PHP session storage left me gob smacked.

Edit: Eric Barnes correctly pointed out that you can also securely store sessions in the database out of the box.

Using dashes instead of underscores in urls…

Is alot less trivial than you might think; In fact, i’m still trying to figure that one out.

CI is the logical introduction to frameworks

for the curious developer – the documentation is quite good and it has a strong community. The common view seems to be that some other frameworks (Zend, Symfony) are better for high end and complex application development, but CI has the easiest learning curve, and it does enough to satisfy most requirements.

Picking up CI (or in other words learning a PHP framework for the first time) is a bit like that feeling when you go from regular javascript to jQuery. You get blown away by how few lines of code it takes to achieve big things. It’s also great to get that feeling that all the crazy things about PHP are now wrapped up in a nice big blanket, and you basically don’t have to worry about them.

Having said that – learn PHP properly first, then learn a framework.

7 Replies to “CodeIgniter Getting Started Surprises”

  1. I just wanted to make a few notes about your post.

    1. Helper Function are actually very useful –

    2. Helpers are procedural functions because CodeIgniter has it roots from php4 and those have been around forever. If you are adding your own helpers you can use static classes if you wish but my feeling is one of the main reason the current ones are kept is for backward compatibility.

    3. The session library can be set to save the data to the database or use cookies. The choice is left up to you and what you feel is better for the app you are building.

    4. You can use dashes but really only via routing. The reason for this is controllers are php classes and php doesn’t support dashes in method names. Reference:

  2. @Eric

    I was not implying that helpers are not useful, only that some of the view specific helpers might make life a little hard for an average designer to implement CSS and javascript because some of the HTML is dynamically generated.

    On the other hand perhaps with a little education to our non-programmer friends the benefits would outweigh the negatives. One big benefit of the form helpers in particular is automatic CSRF protection when the CSRF config option is set to TRUE.

  3. Yes I do tend to agree and do not use all the helpers available in my apps. But I find I can’t live without the form, and url helpers. Also most helpers that deal with html allow a second or third param as a string of extra attributes. So you can still get your class and id. Example form_open(‘submit’, ‘class=”test” id=”my_form”); etc..

    Glad you gave CodeIgniter a try and I hope you end up loving it. 😉

Leave a Reply

Your email address will not be published. Required fields are marked *