Get To Business.

[This is part three of a three part review. Part one can be found here and part two here]

In previous parts I’ve covered some of the main components of the Zend Framework, including database abstraction and the Model-View-Controller pattern for separation of logic from presentation.

This time I will go over some of the smaller modules in terms of scope, yet still some of the more important and useful in my opinion.

Zend Filter and Zend Validate - Data validation and filtering

Validation and filtering of information are integral parts of a dynamic website operations. User generated input (received usually via a GET or POST request, e.g from an HTML form or a URL address), should be treated with caution. The input should be filtered as to not contain harmful data (see: SQL injection attacks) and validated to ensure it is what it should be - for example, in the case of HTML forms checks are made to ensure that all required fields are filled out and contain the expected type of data.

Filtering and validating is a common procedure for web developers, so naturally the Zend Framework includes components to handle such tasks. Those components are the Zend_Filter and Zend_Validate class hierarchies.

The base classes are of Zend_Filter and Zend_Validate are extended by specific filters and validators, each implementing a filter() or validate() method accordingly. The filters/validators class names are self-explanatory, for example Zend_Validator_NotEmpty checks that a variable is not empty, and Zend_Filter_HtmlEntities uses the htmlentities PHP function to filter a string.

Basic usage would be instancing a filter/validator class into an object, and using the filter()/validate() methods accordingly on specific data. Since it is somewhat cumbersome to instance an object and call a method for a simple filtering/validation operation, a static method exists to shorten the process - for the filter class it is the get() method and for the validate classes it is the is() method, which allow to get the validation/filtering result in one line of code.

Often multiple validations or filters are needed to be applied to certain dataset. For this purpose, a validation/filtering chain can be composed by the base classes and applied in one method call on the dataset. This method is not very useful when dealing with arrays (as is usually the case when dealing with POST and GET requests), and for reason a specific class was created - Zend_Filter_Input.
Despite its name, Zend_Filter_Input deals with both validation and filtering. It is designed to work with arrays (such as $_POST and $_GET) by defining a set of filters and validators to keys in such arrays. A Zend_Filter_Input object receives filters and validators arrays in its constuctor, along with an array of data that needs to be filtered/validated. The object can then be queried for invalid/missing/unknown fields, and filtered data can be retrieved escaped or unescaped (default escaping filter is the HtmlEntities filter).

In most of my model classes (those classes than contain domain logic and handle database access) I implement an isValid() method that is run before any database access is made. This method filters and validates user input, returns boolean true on success or an array of error messages on failure. The Zend_Filter_Input class fits perfectly into this method, allowing me to easily define the filtering/validation process, and recieve the proper error messages on failure.

Zend_Search_Lucene - PHP search engine

One of the hidden gems of the Zend Framework is the Zend_Search_Lucene component. It is a port of the Java open-source project of the same name, developed by Apache. To quote from the Apache Lucene webpage:
“Apache Lucene is a high-performance, full-featured text search engine library written entirely in Java. It is a technology suitable for nearly any application that requires full-text search, especially cross-platform. ”

So what is it good for?

The Lucene search engine allows the indexing of any string or binary information and searching this index with a powerful query language. Since its filesystem does not require a database, it can add search capabilities to any PHP driven webpage, but its real use would be in conjunction with a storage mechanism such as a database.

In database heavy web-application, where complicated queries are run at high concurrency, database performance usually turns out to be the bottleneck for response times. Zend_Search_Lucene could replace queries involving text searches such as FULLTEXT queries and the LIKE clause queries, offering much more advanced search queries, ranked results and most importantly vastly superior performance. The Lucene query language is rich and expansive. It allows for proximity searches (approx. matches) and field boosting (increasing relevance for different search fields) and more.

Zend_Search_Lucene allowed me to tackle the complicated issue of tagging - Tagging is a known problem to map effectively to databases (A dude named Phillip Keller wrote a blog on different tagging schemas, and conducted a performance comparison of the schemas. Another dude named Nirin Borwankar suggested yet another schema for tagging. The tagging issue is a long and complicated one.) To quote del.icio.us creator, John Schachter - “tags don’t map to sql at all. so use partial indexing.”
Using Zend_Search_Lucene to index tagged items allowed us to implement tags in the Octabox project while still enjoying high performance, which was something that I was quite worried over before.

A nice feature that’s included in this port that doesn’t exist in the original (to the best of my knowledge), is the ability to parse HTML documents directly, using HTML tags such as <head>, <title> and <body> to automatically create a Lucene document, omitting HTML comments and <script> tags.

Zend_Version - Versions have feelings too

The most controversial and misused component of the framework is the Zend_Version. While seemingly a simple class containing only one method, it uses the highly useful PHP function version_compare() to compare a class constant against a version given as a function argument… I think the importance of this component is self-evident.

Zend_End_Review

This concludes my review of the Zend Framework. While mostly a very positive review, I’ve ommited some components which I have not found to be overly useful (for example, the went-wrong-component Zend_Date and the why-is-it-there component Zend_Measure) so it might be somewhat unbalanced.

Still, the framework has shown its strength with its major components and some minor ones, and Zend is apparently dedicated to supporting and improving it. I would strongly recommend it for any serious PHP web developer.
For the hobbyist PHP programmer, or for quick shake-and-bake development projects, frameworks such as CakePHP (appropriately) might be a better fit for their smaller learning curve.

If you have any questions, comments, requests for code samples or donations, I would be more than happy to hear from you.

Eran Galperin, Octabox Lead Developer

Edit: Supplamental

Having tried Zend_Date again, with last impressions dating to the 0.8.0 release, I am happy to say that it has been fixed/improved to the point of being very useful. Previously I found it hard very hard to get the results I wanted from Zend_Date (with some of those seemingly random), but now it has become very accurate and with its integration with Zend_Locale also very useful.