February 5th, 2009


Templating

There are many ways of doing templating (for quick website development), especially in PHP.

One that I have a lot of experience with is Smarty.  So far I am not impressed too much with it. Rather than saving time, it seems to take up more of my time trying to get it to do what I want it to do. It also does not save me typing, which I thought was one of the points of templating.

For example in Smarty/html:

<input name="edit" type="checkbox" value="y" 
	{if $smarty.session.user and ( $user_type eq "editor" or $user_type eq "admin" )}
		checked="checked"
	{/if} /> edit

Alternatively in php/html:

<input name="edit" type="checkbox" value="y" 
<?php 
// && binds tighter than ||, so the role check needs its own parentheses
if(!empty($_SESSION['user']) && ($user_type == "editor" || $user_type == "admin")){ ?>
	checked="checked"
<?php 
} ?> 
/> edit

Or in ‘pure php’ (CodeIgniter):

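<?php
// CodeIgniter: load the form helper that provides form_checkbox()
$this->load->helper('form');
// parentheses keep the role check tied to a logged-in session
if(!empty($_SESSION['user']) && ($user_type == 'editor' || $user_type == 'admin')){
	$checked = false;
	// tick the box only when the request carries a 'checked' parameter
	if($this->input->get('checked')){
		$checked = true;
	}
	echo form_checkbox('edit', 'y', $checked);
}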

I personally do not find it that difficult to understand either of the php examples. I do understand that it may be simpler to use Smarty for very simple layouts… but when it comes to complicated layouts with many options, it is probably easier to resort to a purely php or html + php option rather than Smarty. Sure, Smarty can be good if you want to let users change the layout of the page, but then, why not make it even simpler for them and have functions that create the elements of your page, so that they just have to move those around? You can even mark it with:

 =========== edit layout below =========== 

and change it so that instead of having to echo the form_checkbox helper function, you can override it and make it echo within the function itself; then, wherever you put it, it will be echoed out. In the end, this seems to me like the simpler answer to the whole thing: there is no real need to escape the variable in the layout, since that can be done inside the function, hiding it from the user as well as avoiding things like:

{$variable|escape:"html"}

Which is probably more confusing to people who don’t know programming.
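
The approach described above, helper functions that echo their own output and escape internally so the layout section carries no escaping syntax, as an added example (not code from the original post). The helper names e, can_edit, tpl_checkbox and tpl_text and the sample data are hypothetical.

```php
<?php
// Added example: e, can_edit, tpl_checkbox and tpl_text are hypothetical names.

// Single escaping point for HTML text and attribute values.
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Explicit parentheses: a session is required AND the role must be editor or admin.
function can_edit(array $session, string $user_type): bool
{
    return !empty($session['user'])
        && ($user_type === 'editor' || $user_type === 'admin');
}

// Echoes a checkbox; every dynamic part is escaped here, not in the layout.
function tpl_checkbox(string $name, string $value, bool $checked, string $label): void
{
    printf(
        '<input name="%s" type="checkbox" value="%s"%s /> %s' . "\n",
        e($name), e($value), $checked ? ' checked="checked"' : '', e($label)
    );
}

// Echoes a labelled text value such as a contact detail.
function tpl_text(string $label, $value): void
{
    printf("<p>%s: %s</p>\n", e($label), e($value));
}

// Constructed sample data; the fax value simulates markup smuggled into a field.
$session   = ['user' => 'zaphod'];
$user_type = 'editor';
$contacts  = [
    'fax'   => '555-987-9876"><b>injected</b>',
    'email' => 'zaphod@slartibartfast.com',
];

// =========== edit layout below ===========
tpl_checkbox('edit', 'y', can_edit($session, $user_type), 'edit');
tpl_text('Fax', $contacts['fax']);
tpl_text('Email', $contacts['email']);
```

The lines under the marker can be reordered or removed freely; the fax value is rendered as inert text because escaping happens inside the helpers.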

You may think that I am writing this because of my dislike for Smarty and all of the aggravation that it causes me as a programmer. That is true, but there is also the problem that apparently Smarty is so rampant that you cannot get a php job without it in your resume. Oh… and look again at that if syntax:
{if isset($something) }
Wait… where are the brackets? You might ask. Well… in Smarty they have done away with those brackets to make it simpler to read. If you happen to include those brackets by accident, you get Smarty compile errors. Even more inconsistency comes up when you are trying to use arrays (you know, to group things together):
array_example_1.php

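<?php
require_once 'Smarty.class.php'; // adjust to where Smarty is installed
$smarty = new Smarty;
// associative array: the template reads the keys with dot syntax
$smarty->assign('Contacts', array(
'fax' => '555-987-9876', 'email' => 'zaphod@slartibartfast.com'
));
$smarty->display('array_example_1.tpl');
?>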

array_example_1.tpl

{$Contacts.fax|escape:"html"}
{$Contacts.email|escape:"html"}

Ok, so you might think that that is how arrays are handled in Smarty… and you would be right… sort of… because this is how arrays are handled when they are not hashed arrays:
array_example_2.php

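<?php
require_once 'Smarty.class.php'; // adjust to where Smarty is installed
$smarty = new Smarty;
// numerically indexed array: the template reads the items with [n] syntax
$smarty->assign('Contacts', array(
'555-987-9876', 'zaphod@slartibartfast.com'
));
$smarty->display('array_example_2.tpl');
?>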

array_example_2.tpl

{$Contacts[0]|escape:"html"}
{$Contacts[1]|escape:"html"}

So you can imagine the mess that is an array with hashes and other arrays inside it when you get to the layout:

array_example_3.tpl

{$Contacts[0].email.other[2]|escape:"html"}
{$Contacts.phone_number.home[1]|escape:"html"}

Don’t even get me started on the mess that is:

{literal} {/literal}

and:

{ldelim} {rdelim}

Be nice to your coders, and don’t treat your designers like idiots:

to keep designers away from PHP and to keep it safe, we should go for smarty. But is there really any designer who knows only smarty and no PHP? Is it really possible to write efficient code in smarty without knowing PHP? Nah, not at all. And there is the {php} block, which allows so-called template designers to run unsafe PHP code inside it. Well, you can block executing the {php} block from your side, but still smarty is not a solution to think that you are “secured”. And honestly, you shouldn’t let your template designer write template code for you if they don’t know PHP. And you should learn about XSS, SQL Injection and CSRF if you really want to live secured.

The Storyteller

let them use php functions and html instead of subjecting them to the bloated syntax soup that is Smarty.