
So, what is Yii?

Yii is an open source framework for web applications built with the PHP scripting language. It was first released late in 2008 to a world bustling with frameworks vying for market share. Although it entered the game somewhat late, this turned out to be an advantage as its creator, Qiang Xue, was able to include some of the best features of existing products in Yii. Also, the lessons he learned as a developer for the Prado framework helped him to build a superior solution. Today, Yii is widely heralded as one of the top PHP web frameworks. You can read more about it at http://www.yiiframework.com.

Unlike a Content Management System (CMS), Yii is not a complete skeleton of your website that you configure through some sort of graphical user interface. You have probably heard of Joomla! and Drupal, which are particularly famous CMS examples in the PHP world.

Instead, Yii is called a framework because it provides a set of built-in components. You, as a web application developer, can and definitely should use these freely to save development time.

So, whether you just need a quick database app, some web services, or you have been tasked with building a whole corporate web portal, Yii will lay the groundwork and set you on the right path.

Probably the most important parts of Yii are the complete database access layer and the highly intricate page rendering system. It comes with pre-built smart UI controls, from data grids to simpler ones such as datepickers, ready to be used on web pages. Also, for many routine coding tasks there is a set of automatic code generators. All of this will be explained in further sections.

The Yii website also contains a huge number of user-contributed extensions to help you add functionality quickly. Applications built with Yii's clean organization style turn out to be highly extensible and easy to maintain.

Yii enforces a tried and true architecture for your application, known as Model View Controller (MVC). This structure utilizes object-oriented principles to make clean separations in code organization.

Controllers receive requests, instantiate and manipulate the models that do the real work, and finally render the views for interaction with the end user. This will be discussed in later sections to a greater depth; however, it'll be important to know that unlike in the original MVC definition, views in Yii are completely passive, being just the page templates and not the full-fledged classes.

Yii's speed is unmatched thanks to some intelligent design choices at the core level. Most frameworks lose performance when they load more functionality than required for a given request. Loading too many classes can mean more disk reads, as each class is generally stored in its own file, or at least more processing if scripts are cached. More classes generally also result in additional database transactions, and all of these operations are both time and resource consuming.

Yii sticks to a philosophy of lazy-loading, where it strives not to load classes until they are actually needed. The core framework also adds no additional tables to your database, and makes only the minimum number of requests required to fetch the data for a given action. When your app is ready for production, there are a number of caching options to take performance to the next level. To reduce file I/O, Yii has built-in components that encapsulate common data caching solutions such as APC, Memcached, XCache, and EAccelerator. It also has a few components to handle caching of computed application data for an appropriate amount of time, such as the result of a complex database query.

Nowadays, when a website allows users to post content, it runs the risk that some of that content might actually be malicious code. Probably the most frequent attacks are SQL Injection, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF). Of course, you can look up these terms in Wikipedia, but you can also find a detailed review of all these types of attacks in The Web Application Hacker's Handbook, by Stuttard and Pinto, printed by Wiley in 2011. These are the common problems that website developers must address when accepting form data, and Yii has built-in means to cope with them. Database interactions made properly through the Yii API, with user-supplied values passed as bound parameters rather than concatenated into the SQL string, sanitize user input automatically.
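The difference between a concatenated query and a bound parameter, as an added example that is not from the book or from Yii's code base. Yii's database layer is built on PHP's PDO, which the example uses directly (with the `pdo_sqlite` extension assumed) so that it runs without the framework; the table, function names and input are constructed.

```php
<?php
// Added illustration using PDO with an in-memory SQLite database.
// Table, column and function names are constructed for this example.

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
    $db->exec("INSERT INTO user (name, email) VALUES
               ('alice', 'alice@example.test'), ('bob', 'bob@example.test')");
    return $db;
}

/** Unsafe: the value becomes part of the SQL text, so quotes in it change the query. */
function findByNameConcatenated(PDO $db, string $name): array
{
    $sql = "SELECT name FROM user WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

/** Safe: the SQL text is fixed and the value travels separately as a bound parameter. */
function findByNameBound(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT name FROM user WHERE name = :name');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = makeDb();
$input = "nobody' OR '1'='1"; // constructed hostile form value

// The concatenated query matches every row; the bound query matches none,
// because the whole string is compared against the name column as data.
echo 'concatenated: ', json_encode(findByNameConcatenated($db, $input)), "\n";
echo 'bound:        ', json_encode(findByNameBound($db, $input)), "\n";
```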

For dealing with user-generated content that will be rendered on web pages, Yii encapsulates a project called HTML Purifier, which can be applied to any input field and will filter out any malicious code, keeping only what is specified on a whitelist. The homepage of the project is http://htmlpurifier.org/, and the library itself is bundled with the Yii component that wraps it.

To protect all of your forms from CSRF attacks automatically, there is a single switch in the configuration. It passes a random value to users when they load a form; when the form is submitted, this value must be passed back, and that is how the interaction is validated.
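The token round trip described above, as an added example in plain PHP; it is not Yii's implementation, and the field name `csrf_token` and all function names are hypothetical. In Yii the switch itself is the `enableCsrfValidation` property of the `request` application component.

```php
<?php
// Added illustration of the CSRF token round trip; not Yii's own code.

/** Issue a fresh random token for one visitor (kept in their session or cookie). */
function issueCsrfToken(): string
{
    return bin2hex(random_bytes(32)); // 256 bits from the system CSPRNG
}

/** Render a form that carries the token in a hidden field (hypothetical field name). */
function renderForm(string $token): string
{
    $safe = htmlspecialchars($token, ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="/comment">'
         . '<input type="hidden" name="csrf_token" value="' . $safe . '">'
         . '<textarea name="body"></textarea><button>Post</button></form>';
}

/** Accept a POST only if the submitted token matches the one issued to this visitor. */
function isValidPost(array $post, ?string $issued): bool
{
    $submitted = $post['csrf_token'] ?? null;
    if (!is_string($submitted) || !is_string($issued) || $issued === '') {
        return false; // token missing on either side: reject
    }
    return hash_equals($issued, $submitted); // constant-time comparison
}

// Constructed demonstration: one visitor and three incoming POST bodies.
$issued = issueCsrfToken();
echo renderForm($issued), "\n\n";

$cases = [
    'legitimate form post'    => ['csrf_token' => $issued, 'body' => 'hello'],
    'cross-site, no token'    => ['body' => 'forged'],
    'cross-site, wrong token' => ['csrf_token' => issueCsrfToken(), 'body' => 'forged'],
];
foreach ($cases as $label => $post) {
    printf("%-24s %s\n", $label, isValidPost($post, $issued) ? 'accepted' : 'rejected');
}
```

A page on another origin can make the visitor's browser send the POST, but it cannot read the token issued to that visitor, so only the first case is accepted.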

All these features will be explained later in the Top features section.

Tip

Downloading the example code

You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the files e-mailed directly to you.
