Posts Tagged ‘Smarty’

Template systems introduce another level of processing in the application, so we might suspect that Smarty applications will run slower than plain PHP equivalents. Basically, we have a new pseudo-scripting language (the template engine’s tags) inside our scripting language (PHP).

Smarty is extremely fast by doing what is called template compiling. That means that it reads the templates, creates PHP scripts from them and includes the PHP files, resulting in a single PHP script that is compiled by the PHP engine, which is pretty fast. The beauty of the process is that the templates are parsed only once by Smarty, and only templates that are modified are compiled again. This is done automatically by Smarty and results in a fast compilation done by the PHP engine with very little overhead from Smarty.

If you are concerned about the performance of your site, Smarty has built-in caching support that can speed things up, especially on websites that have content that is not modified very often. You can cache all the content of a web page or only some of it and you can specify for how long Smarty should keep the content cached.

Since Smarty does template compiling resulting in a PHP script, there is no reason why we should not use a PHP compiler cache solution like PHP Accelerator or Zend Cache.

PHP Accelerator and Zend Cache have no problem with Smarty’s output and cache the PHP scripts produced by Smarty very well, so if our main concern is performance we should use one of these caching solutions combined with Smarty’s built-in caching support.

As Far As Security is Concerned….

We concluded that Smarty is fast, but we need to know about its security, which according to me is most important for any website.

By default, when using Smarty you are theoretically as secure as you are when using only PHP. This means that by using Smarty you can’t be less secure than using PHP only; but Smarty has some features to improve security in case this is needed.

When a site is built by a programmer working with a designer without using Smarty, the designer has access to the application and can modify all the PHP scripts. This is not good for security because a designer with bad intentions can breach the security of the system very easily when he or she has all the power of PHP in his or her hands.

Smarty comes with some built-in security features for situations where unreliable parties edit templates. When security is set on templates, a designer who modifies templates via an unsecured connection like FTP is unlikely to gain access in the system.
Using Smarty security features, you can:

  • Allow or deny usage of PHP code in the templates
  • Allow only a set of PHP functions as variable modifiers
  • Restrict the folders from which templates can be included
  • Restrict the folders from which local files can be fetched by templates

My strong advice is to always think about security. Think about having a database with credit card details and your designer including unsafe PHP code in one web page. This would result in a disaster for your business.