I have already the parts below (I got all of these from Github so they’re quite secure, I think) in my project and it’s ready to go live, but a few days ago, I started learning Symfony2 and I think it’s a very good framework but it has a learning curve just like any other framework.
-Dropzone (Including file upload, handling, etc)
-File upload class
-Register/Login (This one is also secure, I used a popular Github project so it’s tested by many people)
-Validation class (GUMP)
-Functions for security (htmlspecialchars, etc)
-MySQLi wrapper class (I don’t need to use prepared statements, it’s already built in)
-I have created my own .htaccess file, it’s quite big and all my urls are pretty.
-My folders are well structured and I tried to keep spaghetti code at minimum. I include things I need above the php file, so PHP and HTML are separated as much as possible.
I still have security concerns, though.
Should I port my existing codebase to Symfony2 anyway OR keep developing with my own way until I hire a developer? Right now I’m the only one who’s dealing with the website.
If you’re ready to go live, then I vote go live; start attracting a user base. Meanwhile, you can work on learning and porting to Symfony, then switch out the codebases when you’re ready.
Just FYI: Anyone can host anything on github. Just because you found code on github doesn’t mean it’s secure.
This is worrying (maybe it was just worded badly). MySQLi provides prepared statements as a feature, that’s true, but you still need to use that feature. You still need to use prepared statements.
I would always prefer a framework like Symfony over self-written code. A framework will be used by many coders, so most security issues will be found and fixed. If you want to create a product, a framework will spare you the work on the low level things like sanitization and DB wrappers. Sure, you can build them yourself, but once your “framework” is build, it must be maintained and updated to be compatible to the latest PHP version.
So, if you just write code for yourself, it is ok to use your own framework code. But if you are really serious about a product, you should use a framework!
Routing URLs should be handled at the application level. Having a gigantic .htaccess file that constantly needs to be updated when new content is published is a huge pain the butt.
The thing is, I already invested a huge amount of time on this project. I’m still learning Symfony2 and started porting my existing codebase (I created entities automatically using terminal and it was very cool) to Symfony2, but I’ll launch the site as it is since I don’t want to wait anymore I will keep converting, though.
Wish me luck!
I really learned lots of things from you, both Sitepoint and Learnable. Thank you for everything you’ve done so far.
I will keep converting, though.