Does Templating Make Sense?

There are quite a few PHP'ers that I've talked to who openly disdain templating tools like Smarty, Flexy, and whatever others are out there. They point at the simple and undeniable point:

PHP is already a templating system.

True. You've gotten me there. I guess there's nothing else to discuss, thanks for coming.

But wait, although that's true, it makes and hides one important assumption. It assumes that everyone involved with the project – including designers – are functional in the basics of PHP. It is perfectly reasonable to expect a designer to know and understand how to echo variables, but getting into more advanced aspects can be troublesome at best.

Now stop and think of your general UI-generating PHP file. Unless you are a stringent MVC-type, there is probably an inappropriate amount of business logic spread throughout. In fact, I would wager that there is so much business logic, that you wouldn't be able to use a different UI-model, but that's a different discussion… Once this business logic is mixed with the UI, you open a world of pain for your designers. More than that, you expose the application to huge risks. What happens if the designer inadvertently shifts the branches of an if statement? Or removes a bit of filtering logic? The operation of the system has changed in unexpected ways and a variety of security issues could be opened. Now imagine if your designer had malicious intentions…

This was part of the reason to implement Smarty within dotProject. Last year, CaseySoftware took on a two-phrase effort to a) get dotProject accepted by various organizations with strict security requirements and b) allow a better degree of flexibility in terms of UI layout and methods. After evaluating a number of options, Smarty became the clearest solution.

First of all, we were able to simplify the templates. The display logic was stripped out of the classes business logic was stripped out of the UI. The business logic has steadily moved farther and farther back into the objects. This has reduced the code duplication and made maintenance that much simpler.

Second, it locks down a designer and limits the damage they can do. If you want to display a list of Projects, you only get the Projects we give you. No more, no less. The designer cannot bypass security/permissions filters. In one fell swoop, we've protected the system from accidents, incompetence, and malicious intent.

Finally, it's an established templating system. It's entirely possible to roll your own – I have – but more often than not, you're going to create something with a custom syntax, less functionality, and more complexity. It might work for you today, but what about tomorrow?

That said, templating systems aren't for everyone or every site.  If you have the skills, time, and need to build your own templating system, feel free, but know what you're getting into.

Recently, I chatted wit a friend about a group of new hires professing The Smarty Way(tm). After I stopped pounding my head on my desk, I asked for details… The company has a well-established site, massive optimizations at every level, and a huge amount of work already invested in the existing UI. Finally, since they have extensive user-based customization of pages, their caching is necessarily limited. Smarty doesn't look like a useful solution this time…