

Not present in other frameworks like Zend 2 and Symfony 2:

  • complete abstract user interface that dynamically adapts to changes in the application's domain model and can be overridden and customized in detail;
  • ORM with filtering by nested properties for quickly building complex search and sorting functions;
  • cross links for enhanced user experience, whilst context scouting takes care of returning the user to the page where he started with a task;
  • centralized authorization scheme for detailed access control over the abstract user interface;
  • simplified MVC pattern (like servlets);
  • compact framework source code (less than 1 MB);
  • the source code can be browsed and searched on the phpPeanuts website with hypercode browsers;
  • compact framework code and abstract user interface decrease attack footprint (OWASP);
  • per referrer token in all URLs (OWASP) (forms also include a different single use per request token);
  • validation exceptions help applications defend against hacker tools scanning for exploits;
  • stable design resulting from a history of over 15 years;
  • a Commercial Extension for Historical Data Management is available (not open source);

(comparison dated first half of 2013)


  • PHP 5.0 or higher
  • Database that supports full SQL JOIN and LIMIT syntax;
  • modern web browser (IE 8 or up, Firefox 3.0 or up, try out the examples to see if your browser is OK for phpPeanuts).


  • limited localization and internationalization support (can be overridden);
  • layout is outdated and does not follow W3C WAI guidelines (developers are advised to create their own layout);
  • user authorization plugin not in open source;
  • does not have built-in UTF-8 validation (but has centralized validation where developers may add it themselves);
  • the AJAX framework uses DOM HTML rendering methods;
  • the authorization API defaults do not follow the Principle of Least Privilege (OWASP);
  • per referrer tokens are not as effective as per page tokens (but have lower impact on user experience);
  • uses Direct Object References (but validates authorization) and exposes steering parameters;
  • AGPL License (commercial license is available);
  • see the Bugs page for more limitations.