re: PHP Frameworks Discussion (beware lots of opinions) VIEW POST

re: [deleted]

Following PSRs is not required, nor does it make it any better in my opinion.

Not following PSRs does not make it worse of a framework.


It's a weird one.

On one hand you can never be certain any standard fits all cases, and you know the more creative developers want to do their own flavour thing.

On the other, it was much easier to tell the whole team here to just follow the damn PSR-1 / PSR-2 instead of everyone re-inventing their own weird slightly different visual coding style. Minus the spaces over tabs of course, but that's a whole another can of worms :D

All in all I probably agree more with having standards over not having one, so yeah, looking quite forward to what they've done.

Haven't checked PSR's out for a while, have they done something security based, ie don't output user input without escaping html tags first, etc?

I do prefer PSR over none as well. But I'm just trying to keep an open-mind and not dissing a framework just because it doesn't follow the standards.

I'm not too bothered about it either, but people who do like it, for them it might be much higher in consideration priority than for you or me.

And to get more people on board with new version, it's good thing that they've considered it.


Oh sure, you can't make Security PSR-101 and push all the responsibility to framework. Most of the time frameworks are as secure as they can get and all the issues come from however coders do their stuff, or probably 50% of the time, how servers are set up, which has nothing to do with code at all.

Said that, people like to follow simple checklists. And PSR-1 and PSR-2 are about "style" and some parts have nothing to do with actual coding, so secure "style" could potentially be documented same way.

I know there are few of these kicking about, and there are more general language agnostic lists, but PSR has a bit of authority in PHP community, so if they did it, I think it would get bigger following, even if it's just virtually copying already existing check lists.

Also, I am yet to meet a PHP developer who prefers spaces over tabs.

Me too now, moved to another company that fully hours for psr-2 🤓

code of conduct - report abuse