I am currently working on a legacy PHP application. To give you an idea what the application is like:
Let's say you had two weeks, what would you do to fix this application? Is there there any framework you would recommend that work particularly well with this type of app and which can be introduced gradually?
I was thinking maybe start by introducing ORM, to get rid of sql injection and improve the spaghetti code to construct sql queries.
EDIT 1:: Since people seem to dwell on the SCM issue a lot. I do use git to keep track my own local changes. I am only working on this application temporarily, so I am not really in the position to tell the other developers which tools to use. Also, that was not really the question.
EDIT 2: The reason that I was considering a framework was a) the other developer brought it up b) it would give the project a more rigid structure, so mistakes (like CSFR) are more easily avoided in the future.
I would recommend Symfony PHP Framework. Two weeks seems too short to migrate your application, especially if you don't already have Symfony skills.
Zend Framework is also a very good PHP framework.
You should rewrite in very tiny bits of code, don't try to refactor the whole application at once. Do it while you implement fixes or something anyway. Always leave the code with improvements.
This is especially true if the application works just fine. Most users won't understand why you need to break their application to improve the code quality when the bad code worked perfectly fine for them.
If you rewrite an application you always loose all legacy knowledge that has been implemented in the application like old bugfixes. Maybe there is a bug and it already had been identified in the past you would probably need to tackle that again.
I wouldn't focus on implementing a framework in the beginning btw. You should try to focus on object oriented programming and implementing a design pattern where applicable. Implement a framework when your code is already somewhat clear and structured.
Migrating/re-factoring this application part by part would cost too many man hours than rewriting it.
Let's say you had two weeks, what would you do to fix this application? (It's insecure and has spaghetti code.)
First of all get en ligne what needs fixes first.
You can't turn spaghetti code into modular one within two weeks if you haven't analyzed the application so far. Additionally to refactor the code you need to get it under test first which can be problematic with legacy code. There are books written about techniques for such, but not all apply well to legacy PHP applications (but have very useful information anyway if you haven't done maintenance for legacy applications so far).
So you probably want to move database related code into a module of it's own while taking care about SQL injections. If you choose an existing database layer for that you can specifically say by looking into the code which scripts have been ported and which not.
You already use a view component, I would stick with it for the moment as you really have a short time-frame only.
Pressing an existing framework onto your current code-base seems counter-productive to me. You are merely looking for lightweight, existing and tested components so that you can reduce the own-written application code by using third-party components.
there is no scm
From all what you've shared so far about the application, this is what needs a fix first. Put it under source control. Before that you don't need to discuss further.
I've given a more lengthy answer with this question: How to implement MVC style on my PHP/SQL/HTML/CSS code?.