Tuesday, June 30, 2009

Zend Framework and Dojo: configuration

The latest version of Zend Framework, ZF 1.6.0, ships with the Dojo toolkit. You can find it in the ZendFramework-1.6.0/external/ directory when you download ZF.

Recently I came across a problem using a third-party JavaScript calendar, and as Zend has now collaborated with Dojo, people using Zend will definitely start using Dojo for JavaScript and all the other functionality Dojo provides. That's why I decided to study Dojo and use it in my application instead of fixing the issue in the third-party calendar.

Although Zend has done an excellent job and made things quite easy for those who wish to use Dojo in their applications, novices and those with little experience may find it a bit difficult to configure Zend for Dojo.

In this post I will tell you how to configure Zend to work with Dojo.

The first and most important thing is to copy "external/dojo" into your js directory under the www/public folder.

After you copy the dojo folder, add the following code to your bootstrap.

    $view = new Zend_View();
    // Register the Dojo view helpers with the view
    $view->addHelperPath('Zend/Dojo/View/Helper/', 'Zend_Dojo_View_Helper');
    $viewRenderer = new Zend_Controller_Action_Helper_ViewRenderer();
    $viewRenderer->setView($view);
    Zend_Controller_Action_HelperBroker::addHelper($viewRenderer);

Ignore the first line, $view = new Zend_View(), if you have already instantiated the view object in your bootstrap file.

That's it. You have now added the path to the Dojo view helpers. You can now access the Dojo view helpers in your template (.phtml) file just as you access other helpers and their functionality.

Your job is not done yet.

Next you need to add the path to the dojo.js file and the other modules of the Dojo toolkit.

So open your layout file and put in the following code.

    <?php
    if ($this->dojo()->isEnabled()) {
        $this->dojo()->setDjConfigOption('usePlainJson', true)
                     ->addStylesheetModule('dijit.themes.tundra')
                     ->setLocalPath('http://localhost/z/js/dojo/dojo/dojo.js');
        echo $this->dojo();
    }
    ?>


As you can see, we are adding the paths to the JS and stylesheet files, so put the above code inside the <head> tag of your layout file.

The only thing left to do is to enable Dojo in your template file.

Let's suppose you have a controller "IndexController". In the views/scripts/index/index.phtml file, put the following code.

    <?php
    $this->dojo()->enable()
                 ->requireModule('dijit.form.DateTextBox');
    ?>


I would like to explain the last line, ->requireModule('dijit.form.DateTextBox'). This line tells PHP to load DateTextBox. DateTextBox renders a text box that displays a calendar when someone clicks on the field.

Your configuration is now complete. Now create your form as follows.

    class MyForm extends Zend_Dojo_Form
    {
        public function init()
        {
            $this->setMethod('post');
            $this->setName('myform');
            $this->addElement(
                'DateTextBox',
                'foo',
                array(
                    'label'          => 'Date:',
                    'required'       => true,
                    'invalidMessage' => 'Invalid date specified.',
                    'formatLength'   => 'long',
                )
            );
        }
    }

In your controller, write

    $form = new MyForm();
    $this->view->form = $form;


In your view template

    <?php echo $this->form; ?>


The last thing I'd mention: in your layout file, replace the "body" tag with

    <body class="tundra">

Zend Framework: Zend_Loader::Zend_Loader::registerAutoload is deprecated as of 1.8.0 and will be removed with 2.0.0; use Zend_Loader_Autoloader

Upgrading your version may cause the above warning.

To get rid of it, replace the following code

    require_once "Zend/Loader.php";
    Zend_Loader::registerAutoload();

with the following.

    require_once "Zend/Loader/Autoloader.php";
    $autoloader = Zend_Loader_Autoloader::getInstance();

Cheers

PHP: Taking care of security

Today highly confidential data such as credit card numbers and social security numbers is stored and handled through the web. So it must be your primary goal to make your web application secure enough that users and visitors feel confident while using it.

In this article I am going to give you some tips that are worth remembering and taking care of in the application development process.

1. You may have heard about register_globals. It makes PHP variables easy to use, but it has a serious disadvantage: users can sneak data into your application simply by passing it through $_POST, $_GET or $_COOKIE. So you shouldn't rely on register_globals. Disabling it is the right decision.
2. Most of the time we use variables directly, without initializing them first. For example:

    if (condition) {
        $flag = TRUE;
    }

If you don't initialize $flag to false and register_globals is on, a user can easily set it to true through $_POST, $_GET or $_COOKIE.

3. Verify all incoming data before processing it. Verification depends heavily on the type of data. If you need to insert integer data into the database, make sure that proper data is submitted through the form.
4. Be very careful when using functions that run commands on the server. These include exec(), passthru() and the backtick operator (`).
5. You must change the directory where session data is stored by default. Another good approach is to store session information in a database.
6. When uploading files to the server, it is good practice to rename the file(s) before storing them. The name must be safe and not guessable.
7. Don't reveal errors on a live site. Errors reveal very important information, so they must be taken care of.
8. Take care of SQL injection. If a user provides malicious input, your SQL query shouldn't break.
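
The tips on verifying incoming data and on SQL injection work together, as the following added example shows (it is not code from the original post). The orders table, the function names validated_int, find_orders and add_order, and the request arrays are all hypothetical and constructed for illustration; PDO with an in-memory SQLite database is assumed so the script runs on its own.

```php
<?php
// Added example. Schema, rows and request data are constructed; an in-memory
// SQLite database keeps it runnable offline (needs the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, qty INTEGER)');
$pdo->exec("INSERT INTO orders (customer, qty) VALUES ('alice', 2)");
$pdo->exec("INSERT INTO orders (customer, qty) VALUES ('bob', 5)");

// Return the field as an int inside [$min, $max], or null for anything else.
function validated_int(array $input, $key, $min, $max)
{
    if (!isset($input[$key]) || !is_string($input[$key])) {
        return null; // missing, or an array such as qty[]=1
    }
    $value = filter_var($input[$key], FILTER_VALIDATE_INT,
        array('options' => array('min_range' => $min, 'max_range' => $max)));
    return $value === false ? null : $value;
}

// The customer name travels as a bound parameter, never as part of the SQL text.
function find_orders(PDO $pdo, $customer)
{
    $stmt = $pdo->prepare('SELECT id, customer, qty FROM orders WHERE customer = :customer');
    $stmt->execute(array(':customer' => $customer));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Insert only when every field passed validation; returns true on success.
function add_order(PDO $pdo, array $input)
{
    $qty = validated_int($input, 'qty', 1, 100);
    $customer = isset($input['customer']) && is_string($input['customer'])
        ? trim($input['customer']) : '';
    if ($qty === null || !preg_match('/^[a-z0-9_]{1,32}$/i', $customer)) {
        return false;
    }
    $stmt = $pdo->prepare('INSERT INTO orders (customer, qty) VALUES (:customer, :qty)');
    $stmt->bindValue(':customer', $customer, PDO::PARAM_STR);
    $stmt->bindValue(':qty', $qty, PDO::PARAM_INT);
    return $stmt->execute();
}

// Constructed request data standing in for $_POST and $_GET.
var_dump(add_order($pdo, array('customer' => 'carol', 'qty' => '3')));        // well-formed
var_dump(add_order($pdo, array('customer' => 'carol', 'qty' => '3 OR 1=1'))); // qty is not an integer
var_dump(count(find_orders($pdo, 'alice')));                                  // ordinary lookup
var_dump(count(find_orders($pdo, "alice' OR '1'='1")));                       // quote stays inside the bound value
```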
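
For the tip on renaming uploaded files, one way to produce a safe, unguessable name is sketched below as an added example (not code from the original post). It goes slightly beyond the tip by also choosing the extension from the detected content type; the allow-list and the function names allowed_types, stored_name_for and store_upload are hypothetical, and PHP 7+ with the fileinfo extension is assumed.

```php
<?php
// Added example. The allow-list and the sample files are constructed.
// Requires PHP 7+ (random_bytes) and the fileinfo extension.

// Detected MIME type => extension chosen by the server, never by the client.
function allowed_types()
{
    return array('image/png' => 'png', 'image/jpeg' => 'jpg', 'application/pdf' => 'pdf');
}

// Build an unguessable storage name from the file's content, or return null if
// the detected type is not allowed. The client-supplied name is never consulted.
function stored_name_for($path)
{
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime = $finfo->file($path);
    $allowed = allowed_types();
    if ($mime === false || !isset($allowed[$mime])) {
        return null;
    }
    return bin2hex(random_bytes(16)) . '.' . $allowed[$mime]; // 128 random bits
}

// Move one $_FILES entry into $destDir (ideally outside the web root).
// Returns the stored name, or null if the upload was rejected.
function store_upload(array $file, $destDir)
{
    if (!isset($file['error'], $file['tmp_name']) || $file['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $name = stored_name_for($file['tmp_name']);
    if ($name === null) {
        return null;
    }
    $target = rtrim($destDir, '/') . '/' . $name;
    return move_uploaded_file($file['tmp_name'], $target) ? $name : null;
}

// Constructed demo: a PDF header, and a PHP script whose client name claims ".png".
$samples = array('report.pdf' => "%PDF-1.4\n%%EOF\n", 'photo.png' => "<?php echo 1;\n");
foreach ($samples as $clientName => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    $stored = stored_name_for($tmp);
    echo $clientName, ' => ', $stored === null ? 'rejected' : $stored, "\n";
    unlink($tmp);
}
```

In a real request handler, store_upload() would be called with an entry of $_FILES; the demo loop calls stored_name_for() directly because is_uploaded_file() only accepts files that arrived through an HTTP upload.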