Yii Framework 2.0.0 GA

96 points by thefsb, more than 10 years ago

15 comments

kijin, more than 10 years ago
> Yii 2.0 helps you to write more secure code. It has built-in support to prevent SQL injections, XSS attacks ...

This is just a minor complaint, but it's so pervasive among web frameworks that I must complain yet again.

According to the documentation for Yii 2.0, the recommended way to output a variable to a web page is:

    <?= Html::encode($var) ?>

Not the PHP standard:

    <?= $var ?>

Because if you do the latter, you will be vulnerable to XSS.

But why does every framework (and many template engines) insist on telling you to call a specific function in the template in order to get XSS protection? HTML escaping should be turned on by default, by whatever means possible.

The simplest template syntax should also be the most secure, not the other way around. Because sooner or later, somebody is going to forget to call that function.

Auto-escaping also saves a lot of clutter in templates, since there are usually only a few places in any given page (usually the content of a post) where HTML content needs to be printed unescaped (but filtered, of course).

Some frameworks escape everything by default and only allow you to print raw HTML if you add a "noescape" flag. This is better, but some of them only do this if you turn on some sort of "autoescape" flag at the top. This is just as bad, since it is insecure by default.

One might point out that not all escaping is the same, since different escaping rules apply in different contexts. But do we really have no way to detect, when parsing and compiling a template, which context we're currently in?

XSS protection in modern template engines should be opt-out, not opt-in. Otherwise they have no right to claim XSS protection as a feature.
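
Added example, not part of the original thread and not Yii code: a sketch of the opt-out model the comment above asks for, where the plain short echo tag escapes and raw HTML needs an explicit wrapper. `RawHtml`, `ViewData` and `render()` are hypothetical names, the sample input is constructed, and only top-level variables in HTML text or quoted-attribute context are covered.

```php
<?php
declare(strict_types=1);

// Added illustration (PHP 8+). RawHtml, ViewData and render() are
// hypothetical names, not part of Yii or any other framework.

/** Marks a string as HTML that was already filtered and may be printed as-is. */
final class RawHtml
{
    public function __construct(private string $html) {}
    public function __toString(): string { return $this->html; }
}

/** Hands variables to a template so that a plain short echo is escaped. */
final class ViewData
{
    public function __construct(private array $vars) {}

    public function __get(string $name): string
    {
        $value = $this->vars[$name] ?? '';
        if ($value instanceof RawHtml) {
            return (string) $value; // explicit opt-out, easy to grep for in review
        }
        // Covers HTML text and quoted attribute values only; script, style
        // and URL contexts each need their own encoder.
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

/** Runs a template closure against wrapped data and returns the markup. */
function render(callable $template, array $vars): string
{
    ob_start();
    $template(new ViewData($vars));
    return (string) ob_get_clean();
}

$page = static function (ViewData $v): void { ?>
<h1><?= $v->title ?></h1>
<div class="post"><?= $v->body ?></div>
<?php };

// Constructed sample input: an untrusted title and a pre-filtered body.
echo render($page, [
    'title' => '<script>alert(1)</script>',
    'body'  => new RawHtml('<p>Filtered <em>post</em> content</p>'),
]);
```

The title is emitted with its angle brackets entity-encoded, while the body passes through unchanged because it was wrapped in `RawHtml`, so every unescaped output is a searchable constructor call rather than a forgotten function call.
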

AlexMuir, more than 10 years ago
I have a lot of fondness for Yii as it introduced me to MVC and moved me from a designer into a developer. When I went on to learn Ruby and Rails everything seemed to click together and I recognised quite a lot of what Yii had taken from Rails.

That said, I get the sweats when I have to wade into an old Yii-powered app that I wrote. Entirely faults of PHP (lack of symbols, array(...) declarations, semicolon-itis) and my lack of experience back then (no testing, fat controllers). I do miss the simplicity of deploying a Yii app, and its speed compared to Rails. The creator, Qiang, is a PHP whizz.

rdoherty, more than 10 years ago
Out of all the PHP frameworks I've used (CakePHP, Kohana, Laravel, Symfony) I have to say Yii is one of the best.

It's hard to describe why, I think mostly because it feels like it was built and designed by one person who had a lot of experience with other frameworks and knew PHP inside and out.

SkyMarshal, more than 10 years ago
> Yii 2.0 helps you to write more secure code. It has built-in support to prevent SQL injections, XSS attacks, CSRF attacks, cookie tampering, etc. Security experts Tom Worster and Anthony Ferrara even helped us review and rewrite some of the security-related code.

+1 for opinionated security at the framework/platform level rather than at the programmer level, such that security features can be evolved, refined, debugged over time and pushed back upstream, rather than reimplemented from scratch each new project.

adoming3, more than 10 years ago
I'm a Yii fan but it takes some time learning the "yii" way of doing things, i.e. structure, naming conventions. I decided to move on though because the community and module ecosystem are small.

knut, more than 10 years ago
If you're serious about web development in PHP try Yii, chances are good you'll fall in love! If not love at first sight, give it a second chance. It's really good inside :)

You can jump start using the new app templates:

1) https://github.com/yiisoft/yii2-app-basic - simple app

2) https://github.com/yiisoft/yii2-app-advanced - if you need multiple interfaces (frontend/backend/api)

pestaa, more than 10 years ago
If your namespaces are all lowercase after adopting PSR standards, you haven't really adopted the PSR standards.

rupom934106, more than 10 years ago
Currently I am working with the CakePHP and Django frameworks. Now I want to work in Yii. Which is the best between Yii and Laravel in a large concept application? Can anyone tell which is the best framework for a large application among CakePHP, Yii and Laravel? Please describe.

riyaskpktni, more than 10 years ago
Yii 1 is one of the best frameworks I have used.

mrityu_yadav, more than 10 years ago
Currently I'm working with Yii 1. It's good to know that Yii 2 is released. Thanks to all Yii Team!!

mconyango, more than 10 years ago
This is great news. A lot of thanks to the YII Dev team for making the magic happen!

logudotcom, more than 10 years ago
YII is an awesome and speedy framework to build with. I love to work with it. I have yet to start 2.0.0

logudotcom, more than 10 years ago
Really it is awesome and very quick. I love to work with it.

gesman, more than 10 years ago
vs. Laravel? Anyone?

gremlinsinc, more than 10 years ago
Yii feels more complicated and rough around the edges to me... than Laravel... There's just a lot of things that make sense to me in Laravel.