I’m using PHP as a template engine in an MVC-style application. However, we now have the need for the templates to be edited via the web front end. Is there a way to make this safe and secure, so a user who has the rights to edit a template then doesn’t have the ability to run dangerous code on the server? Or, should using PHP as a template engine be abandoned, and use one of the many other templating engines, such as Smarty?
I highly recommend Twig. Twig is very nice in that it is very modular and extensible, so you will end up with a template engine that’s as simple and as complicated as you wish.
It is also very fast with caching turned on in production. It is also very safe in that it cleans and filters what is displayed to the user, so no arbitrary PHP code can be executed by the person editing the template.
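For templates edited through a web front end, Twig ships a sandbox extension that restricts a template to an allowlist of tags, filters, functions, methods and properties. The following is an added example, not part of the original answer; it assumes Twig 3 installed with Composer, and the `Account` class and template names are hypothetical.

```php
<?php
// Added example. Assumes Twig 3 installed with Composer (twig/twig).
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Extension\SandboxExtension;
use Twig\Loader\ArrayLoader;
use Twig\Sandbox\SecurityError;
use Twig\Sandbox\SecurityPolicy;

// Hypothetical model object handed to templates.
final class Account
{
    public function getName(): string { return 'alice <admin>'; }
    public function getApiToken(): string { return 'constructed-placeholder'; }
}

// Allowlist of what template editors may use; everything else is refused.
$policy = new SecurityPolicy(
    ['if', 'for'],                      // tags
    ['escape', 'upper'],                // filters ('escape' also serves autoescaping)
    [Account::class => ['getName']],    // callable methods per class
    [],                                 // readable public properties per class
    ['range']                           // functions
);

// Constructed templates standing in for what an editor saves in the web UI.
$loader = new ArrayLoader([
    'allowed'  => 'Hello {{ account.name|upper }}{% for i in range(1, 3) %} {{ i }}{% endfor %}',
    'tag'      => '{% include "allowed" %}',
    'function' => '{{ source("allowed") }}',
    'method'   => '{{ account.apiToken }}',
]);

$twig = new Environment($loader, ['autoescape' => 'html']);
// Second argument true: every template is sandboxed, not only included ones.
$twig->addExtension(new SandboxExtension($policy, true));

foreach (['allowed', 'tag', 'function', 'method'] as $name) {
    try {
        echo $name, ': ', $twig->render($name, ['account' => new Account()]), PHP_EOL;
    } catch (SecurityError $e) {
        // Log the rejection and refuse to publish the template.
        echo $name, ': rejected (', $e->getRawMessage(), ')', PHP_EOL;
    }
}
```

Rendering each edited template once at save time and rejecting it on `SecurityError` keeps disallowed constructs from ever being published.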