Nephtali vs CakePHP, Yii, Kohana, Symfony, and Zend PHP Frameworks
Upon being asked if I knew of a writeup contrasting Nephtali with the Yii PHP framework, I realized I’d better get to work writing a post that fills the void. And, while contemplating the content, I realized I could include several other frameworks in the analysis, as Nephtali’s core design principles and architecture stand in stark contrast to popular conventions.
Design Principles: Don’t hide complexity, strive for simplicity
Just enough is more
Nephtali’s core API fits within one file and the current download is 35 KB (smaller than many jpegs.) The downloads for the frameworks we’re contrasting Nephtali with range from around one to 6.6 MB. Now, to a degree, this difference in size does speak to the difference in power out-of-the-box for developers. However, Nephtali has very different goals and design principles than the other frameworks.
Throughout the development of Nephtali, the core components of the vast majority of web applications were carefully debated and prioritized. Only features deemed essential and/or especially error prone were included in the framework.
Nephtali is a framework you can learn to use in a weekend, and it will provide you with a simple, solid foundation for any web application. In contrast, the other frameworks are very powerful PHP ecosystems that can cater to your every whim, and although you can gain competency for basic tasks over a weekend, you’ll likely need much more time to truly learn them.
Now, please don’t assume that I’m saying I don’t like the frameworks I’m contrasting Nephtali with because they’re too big. On the contrary, I rather like and frequently use several of them. I tend to use Nephtali for my core needs, and then if I need some OAuth or SMTP capabilities, I’ll just leverage Zend Framework’s powerful API’s for my particular need (yes, Nephtali plays nicely with your other framework friends.)
The frameworks contrasted with Nephtali in this article are all built using object-oriented programming principles. In contrast, Nephtali takes its cues from functional programming.
Now, some of you may be thinking, “Hey, PHP isn’t a functional programming langauge.” You’re right. However, some of the new capabilities included in PHP 5.3 (anonymous functions, closures, namespaces) provide just enough power for Nephtali’s novel approach. Specifically, Nephtali doesn’t contain any classes, tries to avoid mutable variables, and makes heavy use of anonymous functions.
Why the functional emphasis? In my experience, functional programming has proven to be easy to test, easy to debug, and it affords great parsimony (one of the main reasons Nephtali can do so much with so little code.)
Security is not an add-on
Security plays a significant role in every step of Nephtali’s design process. Specifically, the SANS Top 25 list of the most dangerous software errors served as a guide for general security issues that should be addressed in every web application, including:
- Failure to preserve web-page structure (e.g., XSS)
Nephtali provides automatic, powerful output escaping, and this is paired with powerful, simple input validation.
- Failure to preserve SQL structure (e.g., SQL injection)
Nephtali makes prepared statements easy and more fun than an amusement park.
- Information exposure through error messages
Nephtali makes appropriate error displays for production pages a requirement.
- Unrestricted upload of file with dangerous type
Nephtali’s input validation includes checks for file names and size.
- Missing encryption of sensitive data
Nephtali includes simple encryption functions.
Now, is it fair to say that this emphasis on security stands in stark contrast to the other frameworks in this post? No. However, as Bruce Schneier has noted, “…complexity is the worst enemy of security” and it is fair to say that Nephtali has embraced simplicity to a degree that surpasses the other frameworks.
Architecture: Not a typical PHP MVC
Dynamic region controllers (pipes)
All of the other frameworks listed here are standard MVC-architectured applications. In terms of the controller, you either find a front controller (controls which view is displayed application-wide) or a page controller (controls which view is displayed for a particular page.)
Nephtali ushers in a new level of granularity with it’s controllers. Instead of a front or page controller, Nephtali provides controllers that manage views within dynamic content regions of pages (pipes.) Essentially, a pipe is a controller that determines which view of the dynamic region to display and then handles any required databinding. A page can contain multiple pipes that all act independently on the page.
The other PHP frameworks offer powerful Object Relational Mappers (ORMs) that abstract away much of the work of persisting objects in databases. However, as already noted, Nephtali borrows significantly from functional programming, so you’ll see no ORM (although you could use a third party library.)
PHP offers a fantastic data-access abstraction layer, PDO, and Nephtali merely provides some convenient wrapper functions for PDO’s API. The result is simple, fast, clean code that can easily be refactored as your project grows. Need to work with multiple databases? No problem. Need to optimize your complex queries? No problem.
The convention in the cother PHP frameworks is to embed PHP directly within the markup of the pages to display the dynamic output. In contrast, Nephtali cleanly separates PHP from your HTML. If you have a page that contains a dynamic region (e.g., a list of recent blog titles), you merely embed xml comments within your markup to let Nephtali know where the region is. All of your PHP is contained within a code-behind file.
Nephtali’s approach provides several benefits. Designers, front-end developers, and UX professionals can easily manage the markup and directory structure, and prototypes can easily flow into working websites. Output escaping is automatically handled, and for speed, the context of the escaping can be explicitly declared (e.g., html, attribute, uri.) Nephtali can be installed on existing sites without breaking legacy PHP code.
Nephtali is not for everyone. If you’re an object oriented programmer at heart, then you won’t be satisfied working with Nephtali. If you’re looking for an extensive web framework with an API that covers a veritable treasure trove of powerful PHP code that can do everything from creating PDF’s to generating figlets, then Nephtali will come up short. If you’re looking for a well-backed, popular web framework, then Nephtali will appear to be the odd-one-out.
However, if you’re looking for a simple, powerful tool that helps you get the core features of your web applications right, then maybe Nephtali is just the web framework for you.