News Archive

Symfony Blog:
Security must be taken seriously
October 03, 2008 @ 08:49:25

On the symfony blog, Fabien Potencier reminds all symfony developers that the security of their applications must be taken seriously and that, despite the built-in protection the framework offers, there could still be issues.

The symfony framework has always provided the tools needed by the developers to secure their applications. With the new form framework, we have added an automatic protection against CSRF. Speaking of the form framework, we have also added a lot of security features to protect you against all sorts of injections.

He does include an example, though, of a situation where it's not just about protecting against cross-site scripting or similar attacks. It's about checking user input to ensure it's what it should be. He gives the example of a user pushing an "is_admin" value into a form post where there wasn't one, updating the corresponding column to give themselves admin rights.

He mentions some work the Rails team has done to try to prevent this sort of thing automatically, but Fabien points out what the symfony framework already does: it prevents any injected fields other than those in the form from being submitted and included.

symfony form user input security xss csrf



DevShed:
Structuring Your Projects for Web Application Security
September 30, 2008 @ 07:53:56

This new tutorial DevShed has posted today talks about planning for your application's security and some handy tips you can use to keep it safe.

In this article we will look at how to start a project while considering its related security issues. We will focus on form validation as well as other topics such as site structures. To demonstrate the topics that we will be discussing, we will create a site that will enable a user to log in, log out, register and manage passwords.

They look at things like the overall structure of the site (including how it lives on the file system) and protecting your application from dangerous user input through forms.

application security project form input filter structure


Francois Zaninotto's Blog:
Chapter 10 - Forms
September 29, 2008 @ 09:36:45

Francois Zaninotto has posted a (large) new tutorial to his blog today detailing the forms functionality in the symfony framework.

Dealing with the display of form inputs, the validation of a form submission, and all the particular cases of forms is one of the most complex tasks in web development. Luckily, symfony provides a simple interface to a very powerful form sub-framework, and helps you to design and handle forms of any level of complexity in just a few lines of code.

The tutorial goes from the basics - displaying a simple form - out to complex multi-validations on the entered values.

symfony framework form validation tutorial input


Symfony Blog:
New in symfony 1.2: Small things matter (2)
September 24, 2008 @ 10:27:28

Fabien Potencier has a new post to the symfony framework's blog today talking about some more of the "little things" they've added to the latest version of the framework.

Symfony 1.2 already comes with a lot of great new features but smaller things also matter a lot. Here is yet another post about small things we have recently added to symfony 1.2.

The list includes the ability to generate a URL in an action using the routing object, new methods in the form object that make it simpler to use in templates and an update to the Phing/Propel interface to help with debugging.

small things update version action route form method propel phing


DevShed:
Performing Strict Validation with the Code Igniter PHP Framework
September 12, 2008 @ 08:57:38

DevShed has posted the fifth article in their series looking at using the CodeIgniter framework in your application. This part focuses on refining the validation methods in the previous part to make them a bit more strict.

In the last article you learned a very simple way to use the framework to check information supplied by users through an HTML form. The type of checking done was very simple, however, and user-supplied data must be checked and validated pretty strictly for many purposes. This article will show you how to improve the previous application's validation mechanism.

They use the same form example from before but build out different methods to check and repopulate the user's input if the validation happens to fail.

codeigniter tutorial form validation framework


Total PHP:
Browser based template editor
September 04, 2008 @ 14:34:36

On the Total PHP blog today, there's a new tutorial showing how to make a very basic template editing form to update the templates for your site.

A common feature to CMS scripts is a browser based means of editing your templates. This can be helpful if you manage your site remotely or on the move quite often. In this tutorial we walk through how to create a simple template editor in PHP.

The process is pretty simple - a form that allows you to either create or edit a current template file and some PHP that handles the submit. It takes in the data from the textarea and pushes it out to the correctly named file. It's a pretty simple setup and it requires that the web server user can write to the files, but it can be a big help when you can't get into the machine otherwise.

tutorial template editor form browser


DevShed:
Validating Web Forms with the Code Igniter PHP Framework
September 04, 2008 @ 10:28:57

DevShed has posted the fourth part in their introduction to the CodeIgniter framework. This time they focus on form validation.

If you're a web developer, you've probably written any number of scripts designed to validate the input entered into a web form. More than likely, then, you'd like something that will make that job easier. Enter the Code Igniter PHP framework. In this fourth part of a nine-part series on this framework, you'll learn how to use it to do basic validation on a web form.

Making and validating forms in CodeIgniter is a pretty simple process thanks to the built-in validation features of the framework. They show you how to create a form and how to implement the validation and output error messages when an issue comes up.

codeigniter framework validation form input tutorial


DevShed:
Output Buffering
September 03, 2008 @ 08:48:16

This new tutorial from DevShed introduces something that could make a pretty profound impact on your application if used correctly - output buffering.

Output control (or output buffering) allows you to write and execute your scripts normally but send data to the web browser at selected times. The main benefit of this system is that you can call the header(), setcookie() and session_start() functions at any place in your scripts without having to worry about the "headers already sent" error message.

They start with the basics - the functions and what they do - then move on to an example, a login form, that uses the buffering to capture errors and HTML to be flushed and echoed at the end.

output buffer tutorial login form example


Matthew Weier O'Phinney's Blog:
Using dijit.Editor with Zend Framework
August 29, 2008 @ 09:33:03

Matthew Weier O'Phinney has posted a tutorial to his blog that shows how to implement the dijit.Editor (a dijit helper that didn't make it into the current release of the Zend Framework).

We're getting ready to release Zend Framework 1.6.0. However, one important Dijit had to be omitted from the release as I was not able to get it working in time: dijit.Editor.

This dijit is important as it provides an out-of-the-box WYSIWYG editor that you can use with your forms. Unfortunately, actually using it with forms is pretty tricky -- Dojo actually ends up storing content outside the form, which means you need to create a handler that pulls the content into a hidden element when saving.

He includes the code for a sample view helper to implement it and how to include it into your Zend_Form via an addElement call.

dijit editor zendframework dojo helper form zendform


Ibuildings Blog:
Symfony 1.1
July 30, 2008 @ 11:19:36

On the Ibuildings blog, there's a new post from Stefan Koopmanschap taking a look at the latest major release of the Symfony PHP framework (v1.1) and some of the functionality it includes.

The official stable release of symfony 1.1 is now nearly a month old, and response so far has been fairly positive. This is not surprising, as this new version adds a lot of flexibility to the already flexible system that symfony offered. Let's have a look at symfony 1.1, and specifically to the points that I feel are especially exciting in this new release.

He looks at the new architecture of the framework, how it now handles forms, the improvements to the plugin system and the (partial) integration of the Propel ORM layer for accessing databases. The full listing of updates can be found here.

symfony framework release feature architecture form plugin orm propel




All content copyright, 2008 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework