Open source software security

Advantages of Using MVC for PHP Development

30 November -0001
by: Justin Klein Keane
October 15, 2006

When tackling a large (or small) web development task it often pays huge dividends down the road to give consideration to scalability. Even if you think your application will be small and easily maintained (or run unmaintained), using a pattern for design can ease your development load, streamline your applications, and alleviate your maintenance headaches in the future.

MVC (Model View Controller) is one of the most common patterns used to architect web applications. There are many scholarly works available online about the exact definition of MVC (originally proposed in the Gang of Four's book "Design Patterns"), but in a nutshell it breaks down to compartmentalizing your application into three separate areas. These areas consist of the Model, or the data back end, the View, which is the presentation layer that the user interacts with, and the Controller, which is the logic layer that negotiates interaction between the Model and the View. Typically this division in PHP boils down to using the data layer as the Model, the HTML output as the View and the PHP code logic as the controller. This design pattern shares many similarities with Three Tier Architecture, and with good reason. Both are excellent ways of logically dividing your code.

By separating the various aspects of an application you can compartmentalize, simplify, and aid troubleshooting. For instance, if you encounter a problem with a page display you can localize the problem to the View (or display layer). If there is a problem with, say, form processing, it is likely that the issue resolves to the controller. Ideally there should never be a problem with the Model. The data layer should serve as a pristine repository, carefully defended by the Controller. Since the Controller governs all interaction with the View, and serves as a sort of 'gatekeeper' of the Model, it can be used to insure the data integrity of the Model.

The Model, since it is the data layer, should have two methods to insure its consistency. The data design itself, utilizing native data layer keys and referential integrity constraints, should enforce consistency rules. The Controller should augment these rules. The Controller should be relatively agnostic in terms of it's preferences, but should likely defer to the Model in resolving data conflicts. It is a wise rule to never trust user input and the Controller should verify and scrub all data from the View before passing it to the Model. Using these rules you can insure that your data back end is always reliable.

The Controller, in object oriented PHP, will likely consist of several classes that aggregate data from the Model and turn it from relational data into object oriented data. This way the material in the database is translated into usable objects for the actual application layer. Other classes should form the logic layer, providing the 'guts' of the Controller, by guiding interaction within and between the objects. Results of these interactions should then be passed to the View.

The View, strictly speaking, will simply be HTML. There are several ways of utilizing more advanced systems to maintain the view in PHP, however. Templating and XML are the two most popular ways to do this. Templating involves a system like Smarty ( that allows a raw HTML framework, with placeholders for variables, to be scripted and then depends on a Controller to assign appropriate variable values and initiate the display. Using a templating engine separates display logic from code logic and makes your application easier to read and maintain (you don't have to sift through HTML to find PHP code that might be causing you problems). Using a template also insulates the core of your PHP from nefarious interaction with the client - only data explicitly included in the template can be displayed. Many templating systems also add extra features, such as caching, that can enhance your application. Although templating systems demand that designers learn the specific syntax of the system (which is often very different from PHP syntax), many are widely supported and documented (meaning you rely on the templating system documentation rather than having to write your own documentation for the View).

Using XML for the View is also a popular technique. Actually, the view still consists of HTML, but the Controllers produce XML which are then translated using XSL and XSLT templates. The result is XHTML that can be output to the browser. While this sort of solution often requires more processing time, it is somewhat more lightweight than a full blown templating system. Utilizing this sort of framework also means that applications can easily be SOAP enabled (since data is presented as XML by the Controller).

Links to Other resources: