2006.03.21

I’ve been meaning to try Ruby on Rails, not because I like Ruby, or even use Ruby, but the Rails framework is supposed to be the big payoff there. But now there’s CakePHP (and other frameworks) that try to do the RoR thing in PHP.

So far I’ve just worked through the CakePHP Wiki’s blog_tutorial_-_1, which all made sense, though I was very disappointed to see GETs deleting data… Didn’t we learn this is bad? (GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval) In the apps I build, the ‘delete’ is typically a GET request to a page that then does a delete via a POST. That might not be perfect, but it works, and adds a confirmation to data deletion that most users seem to appreciate. (Ok, it looks like there is a JavaScript confirmation at delete with the blog_tutorial_-_1 code, but in my opinion, that isn’t enough.)

Other than that little data deleting issue, CakePHP looks interesting, and I’ll dig in a bit deeper and see what it can do.
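The flow described in the post (a GET that only renders a confirmation page, followed by a POST that performs the delete), as an added example that is not part of the original post and is not CakePHP code. It is plain PHP; `handleDelete()`, the in-memory `$posts` array and the `$session` array are hypothetical stand-ins for a controller action, a database table and a session, and the one-time token on the form is an assumption added so the POST has to come from the confirmation page.

```php
<?php
// Added example (plain PHP, not CakePHP): all names and data here are hypothetical.

function handleDelete(string $method, array $input, array &$session, array &$posts): array
{
    $id = (int) ($input['id'] ?? 0);
    if (!isset($posts[$id])) {
        return [404, 'No such post'];
    }
    if ($method === 'GET' || $method === 'HEAD') {
        // Safe methods only retrieve: issue a one-time token and render the form.
        $session['delete_token'] = bin2hex(random_bytes(16));
        return [200, sprintf(
            '<form method="post" action="/posts/delete">'
            . '<input type="hidden" name="id" value="%d">'
            . '<input type="hidden" name="token" value="%s">'
            . '<button>Really delete "%s"?</button></form>',
            $id, $session['delete_token'], htmlspecialchars($posts[$id], ENT_QUOTES)
        )];
    }
    if ($method !== 'POST') {
        return [405, 'Method not allowed'];
    }
    // The token is single use: consume it before comparing.
    $expected = $session['delete_token'] ?? '';
    unset($session['delete_token']);
    if ($expected === '' || !hash_equals($expected, (string) ($input['token'] ?? ''))) {
        return [403, 'Missing or stale confirmation token'];
    }
    unset($posts[$id]);
    return [303, 'Deleted, redirect to /posts'];
}

// Constructed sample data.
$posts = [1 => 'First post', 2 => 'Second post'];
$session = [];

// A followed link (browser prefetch, crawler) is a GET: nothing is deleted.
[$status] = handleDelete('GET', ['id' => 1], $session, $posts);
printf("GET              -> %d, posts left: %d\n", $status, count($posts));
// A POST that did not come from the confirmation form is refused.
[$status] = handleDelete('POST', ['id' => 1, 'token' => 'guess'], $session, $posts);
printf("POST, bad token  -> %d, posts left: %d\n", $status, count($posts));
// The intended flow: GET the confirmation, then POST it back with its token.
handleDelete('GET', ['id' => 1], $session, $posts);
[$status] = handleDelete('POST', ['id' => 1, 'token' => $session['delete_token']], $session, $posts);
printf("POST, good token -> %d, posts left: %d\n", $status, count($posts));
```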

4 Responses to “Looking at CakePHP”

  1. I’ve said this before, and I’ll say it again. While you’re trying out other frameworks, I urge you to give Catalyst a shot.

  2. I remember reading about Catalyst, and while I love Perl and use it daily, right now I’m investigating PHP frameworks. It still makes me sad to admit that PHP has more motion in the web app space than Perl does. :(

  3. nate says:

    I was very disappointed to see GETs deleting data… Didn’t we learn this is bad?

    Come on man, of course this is bad, but we’re talking about a n00b-proof introductory example: it’s about implementing Cake, not HTTP best practices.

    That said, on the off-chance that you plan to put your newly written blog app into production, you can add the following to your PostsController:

    var $components = array('Security');
    
    function beforeFilter () {
        $this->Security->requirePost('delete');
        // or, for an added layer of authentication, to ensure 
        // the request is coming from your application:
        $this->Security->requireAuth('delete');
    }
    
  4. nate, you say “of course this is bad” but sadly, I mentioned it because I still see it fairly often. I just came off a project that did similar screwy things, and I continue to wonder, if people know these things are bad, why do they keep doing them? Best practices, eh? (Oh, and thanks for the code sample.)
