About the Author

Chris Shiflett

Hi, I’m Chris: web craftsman, community leader, husband, father, and partner at Fictive Kin.

CakePHP Visits New York

Last night at the monthly NYPHP meeting, Nate Abele presented an introduction to CakePHP, a web application framework.

The New York subway wasn't cooperating with my schedule, and due to a problem affecting all uptown 4/5 trains, I was 30 minutes late to the talk. After speaking with Nate later, it sounds like I might have only missed a few minutes due to some technical difficulties he was having in the beginning. Here are some of my notes from the talk as well as the conversation we had over dinner and drinks later.

Cake has an array-based Active Record implementation. This is partly because Cake supports PHP 4 and tries to provide consistency between PHP 4 and PHP 5. For those wondering whether this cripples Cake's object support, Nate has this to say:

Cake brings PHP 5 OO constructs to PHP 4.

Cake supports scaffolding, although this wasn't demonstrated. Cake also includes a utility cleverly titled Bake. Not having any prior experience with Cake, it's not yet clear to me how these two features differ.

Cake's Ajax features rely on Prototype. I bet David would appreciate this approach.

By request, Nate covered some of Cake's security features. As I've mentioned in the past, I think frameworks are a great way to help a lot of people implement safeguards and best practices that they might not have otherwise known about. For example, Django offers CSRF protection.

As you might expect, as long as you stick to the Cake way of generating output, it handles the escaping for you. It also sounds like it keeps up with character encoding consistency for you, but this is something I want to investigate further.

There is a feature to help prevent CSRF, although it isn't advertised as such. This is something else I want to investigate further.

I was especially pleased to learn that Cake is a very organized project with good IP practices. Contributors sign a CLA (Contributor License Agreement), and it's licensed under the MIT license.

CakePHP seems like a solid project with smart, passionate people leading the way. It is also quite popular:

About this post

CakePHP Visits New York was posted on Wed, 27 Sep 2006.


1. Nate Klaiber said:

I have tested Cake and love it compared to some of the other frameworks out there (even Zend at this point). I have actually considered using it for a few upcoming projects.

Wed, 27 Sep 2006 at 19:59:00 GMT Link

2. Chris Cornutt said:


Having tried both Cake and the ZF, I'd have to say.....well, that's not really fair, now is it. Cake's been in development longer so any "ZF doesn't have this or that" comment I could say wouldn't be right.

I do however have one comment on the ZF versus Cake - Models are good. Models make me happy. No models make enygma a sad boy.

Wed, 27 Sep 2006 at 21:02:20 GMT Link

3. Nate Abele said:

Hey Chris, thanks for the write-up. A few clarifying comments:

(1) The reason we decided to go with an array-based approach to ActiveRecord had to do with PHP4, but it also has a lot to do with the fact that even in PHP5, the array support (i.e. all the great things you can do with arrays really simply) still outweighs PHP's ability to manipulate objects.

(2) As far as the scaffolding not being demo'd, it was only because it is basically the same in Cake as it is in Rails, and I just assumed that everyone had seen the "screencast seen 'round the world".

I guess that's about it. Thanks again for the write-up, and for taking an interest in the project.


Wed, 27 Sep 2006 at 22:54:20 GMT Link

4. Chris Shiflett said:

I think this is the screencast Nate is referring to:


Wed, 27 Sep 2006 at 23:04:03 GMT Link

5. Kashif Khan said:

If I'm not wrong, Bake helps you automatically generate the model, view and controllers for your project with some of the default code in it.

Thu, 28 Sep 2006 at 13:56:04 GMT Link

6. eddy said:

I tried Cake a few months ago when looking for a good PHP framework for a CRM project. Whilst it had some nice features, I opted for QCodo (www.qcodo.com).

I love QCodo's code generation of the object model. It is really robust and has saved me months of work.

Fri, 29 Sep 2006 at 15:12:04 GMT Link

7. Chris Shiflett said:

Some good tutorials Nate pointed me to:



Fri, 29 Sep 2006 at 18:25:00 GMT Link

8. Jon Baer said:

There are a few items with Bake that might surprise you, one is that it is currently "smarter" than the Rails generation scripts. I figured this out much later but if you design your schemas around a well rationalized setup you can be pretty much done w/ model setups (HABTM) in pretty quick time. This is where the golden age of conventions comes in I think.

What would be great to see is if the security of validation, etc could also be wrapped around the schemas so as to prevent further bad data from getting in. I think the solid frameworks themselves will only offer more security in the future.

I'm interested in 1.2 and the Bake tasks to maybe also be able to "scan" your code for potential pitfalls.

Mon, 02 Oct 2006 at 01:32:32 GMT Link

9. Richard said:

Great Post. I've been trying to decide between using CakePHP and CodeIgniter for an upcoming project. Have you had a chance to assess the security features built into Code Igniter?

Sun, 15 Oct 2006 at 14:55:52 GMT Link

10. Turgs said:

I'm interested in finding more about frameworks and CakePHP... but how can one ensure that CakePHP uses secure coding practices?

Would you simply do a "security audit" as you describe in some of your articles and presentations?

Sun, 02 Sep 2007 at 06:08:20 GMT Link
