Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.




PHP7 Framework

"Pretty pretentious name, eh?"

  • security first
  • hybrid and invisible API, no syntactic salt
  • code reuse, common tasks, license: Public Domain / BSDL / MITL

Project status

  • Research / Planning / Staging / Development / Alpha / Beta

initial modules

  • object-oriented superglobals, which sanitize input easily
  • database wrapper with simpified prepared statements, activerecord, ORM
  • phunction as bootstrapping framework
  • LiveUser as perm/auth backend
  • follow the PHP plugin standard for module/config management and dist feature
  • intro.pdf

new input()

Enforces input filtering without the cumbersomeness of PHPs filter_var() API. This module is optional, but on application startup replaces the superglobals to prevent raw access. Instead simple filter methods will be available in two syntax variations:


     $_POST->int["id"]         // array syntax for easier transition

     $_REQUEST->ascii->nocontrol->text["comment"]    // chaining

Particularily the array syntax makes transitioning applications a snap. Security by methodology.


A basic database wrapper is there. It builds upon PDO (with PDO emulation for PHP4), and provides much needed simplifications atop prepared statements. The super flexible API is badly visualized here; have some trust, it's cool:

     db("SELECT * FROM t WHERE x=? OR y=?  ", $x, array($y));  // mixed args

     db("SELECT * FROM t WHERE x IN (??)   ", array($x, $y, $z));

     db("SELECT * FROM t WHERE :&  OR :=   ", array("x"=>$x, "y"=>$y), array("z"=>$z));

The second major simplification is an iterator/firstaccess/pdo wrapper onto arrayobject-results.

     = db()->column               // directly access first result
     = db()["column"]

     foreach (db() as $row)       // or utilize list iterator

     = db()->fetch()["column"]    // or simply use as PDO result

An additional CRUD/tablegateway module will be there, which allows straightforward table manipulation:

     comment("SELECT * FROM comment WHERE id=?", $id)
       ->set("pubtime", time())

It can be instantiated via SQL or an previous result, or a completely new row, or empty so it uses table defaults. Also it provides direct ArrayObject access. It's not OOP restrained, despite the looks.

The db() function and the table wrappers() can thus be combined for looping through results:

     foreach ( db("SELECT * FROM all") as $row ) {
         $comment = comment($row);


There is also an ActiveRecord generator, sql2php, which chains into db().


Idiorm was choosen as simple ORM and thus alternative to the SQL db() module. It's really lightweight. A hybrid constructor was added.


PEAR::LiveUser will be used as intitial permission/auth system.


Raw organization.


phunction is used as bootstrapping framework. It follows a similar

admin tools

phpSecInfo is the first included admin tool


  • OO input filters (superglobals wrapper with procedural looks)
  • PHP plugin standard (generic config.php)
  • form generation helper
  • PHP compatibility layers (upgrade.php)
  • standardize on jQuery
  • PHP template scheme
    • that's what everyone's using anyhow
    • provide safety compiler, smarty conversion
    • optional MVC module, which incorporates existing schemes
  • HTTP utility code
    • caching with proper ETag and conditional HTTP request support
    • content negotiation must be supported by routing module
  • auth
    • must support notion of separated auth/user/permission/profile modules (not yet another login form + mysql only)
    • standardized SQL tables, if any
  • steal following module classes as-is:
    • services, rpc APIs


There shall be research, before code gets checked in. Reinventing yet another OO & MVC PHP framework is not the goal. There are purposeful design differences to the current breed. However, code reuse is an important factor. The best libraries need to be cherrypicked, not reimplemented. (Allthough some things really don't exist yet.)

Design Goals and Non-Goals

  • security from the start
    • enforced input filtering
    • simplified parameterized SQL to encourage its use
  • procedural and object-style where senseful
    • "OOP only!!" attitudes are often a sign of cargo cult programming, which seems to be a widespread PHP habit
    • hybrids (function = object, where sensible(!))
  • non-MVC per default
    • rather encourage well understood PHP paradigm
    • PMVC module as alternative, routing separate, (candidate picking..)
  • code reuse
    • unlike other frameworks, PHP7 is not based on NIH syndrome, and will incorporate other frameworks` code
    • however no copycating the same old same old design pitfalls
  • HTML5
    • discourage purposeless XHTML syntax use (= without any other embedded XML namespaces or proper MIME type its use is fairly idiotic)
  • meta language atop PHP

Research Conduct

An excel sheet might do fine. But there seriously needs to be a FrameworkMatrix first. The existing wood of PHP frameworks must be evaluated to reuse reusable code. NIH is evil.

Cherrypicking and reasoning: