Wednesday, March 29, 2006

Bad code!!!

There is a disease which has spread among us. Its victims are gullible, misinformed and vulnerable. Once it has struck, the consequences can be disastrous. Like any other disease, it is spread by those who are careless and those who have caught it themselves. The net positively stinks of it, seeping from every corner, page after page, just waiting to hitch a ride on another unsuspecting developer. What am I talking about? BAD CODE!!!!!

In my short outing on this earth I have seen the web go from a playground for script kiddies to a huge commercial entity. Anyone who doesn't use it is considered strange. A company that doesn't have a web site does not exist and a home without an Internet ready PC is like a relic from the stone age. With this has come a new type of programmer. These are not hobbyists for whom it is a way of life; they are individuals, often with other job titles, trying to solve a specific problem as quickly as possible. These people often do not have the patience and problem solving ability of those who want to program, so rely heavily on search engines and forums to find the solutions to their problems. The thing is, if you are doing something you do not like, you want to get shot of it as quickly as possible - if it works, paste it into your app and forget about it.

So, where does the problem come from? Let us approach from a different angle. There is a game called Chinese whispers. The object of the game is to whisper a message across a chain of several people; the irony is that by the time the message has come to the end of the chain it bears no resemblance to the original. This, in my opinion, is exactly where the problem lies.

You post a question on the forum asking how to solve a specific problem. "Mr 100 Posts Per Day" consults his 4GB library of samples, posts his response, hence solving the problem. But does this actually solve the problem? "Mr 100 Posts Per Day" rips his sample library from other posts and samples off the Internet and other forums; he doesn't know or care how the samples work, nor if they are the most secure, efficient and tidy way of solving the problem; but nor does the person asking the question (he has his code, remember). OK, this is an extreme example; only a handful of "Mr 100 Posts Per Day" exist.

But there are a huge number of developers out there who are happy to post code snippets with no explanation, no regard for best practice and who pay no attention to security, and there are an even higher number who are willing to accept them for free. The result is that the "new to programming" programmer, who is interested in programming and does want to learn, is being weaned on a mess of sloppy, insecure, inefficient code. Worse, these "new to programming" people will with no doubt learn quickly and want to spread their knowledge; they write tutorials, post samples on forums and blog.

The web is now a Pandora's box if you are new to programming, because the majority of code out there is not even fit for the recycle bin; in fact the hard disks that house this code should be put in a skip and nuked.

So where do the professional and expert programmers fit in? We have a huge responsibility to ensure that none of this code makes it past our eyes without us preaching/shouting the proper way and fixing it. Being a regular forum poster, I often find myself repeating in an endless loop; "do not use echo to output all your HTML", "do not execute queries without checking for errors", "sanitize variables", "indent code", "don't use tables for presentation" ... The list goes on. But I cannot stress more the importance of this, especially with languages such as Perl and PHP which provide a huge amount of flexibility but at the same time leave a lot of room for dreadful coding.

The coding community needs to wake up ... They need to realise that giving samples which are knocked up in 5 minutes with no explanation is creating a generation of bad coders who get a terrible shock when they need to rewrite part of their application, clean up their company LAN after being attacked through an exploit, or just realise that all they have learnt in the past year is utter tosh.

Let us stand our ground and make the web a place of clean and secure code!!

Sunday, March 19, 2006

Very Useful PHP function - find out where output started!!

I have been programming with PHP for nearly three years and still I am discovering incredibly useful functions. One such that I found today was the headers_sent() function. This function returns a boolean value, indicating whether or not the HTTP headers have been sent and, more importantly, whether output for the body of the request has started.

It is useful to know this in web programming because once the HTTP headers have been sent to the user and the body of the request is being sent, no additional headers can be sent and attempting to do so will fail.

But this function does more than tell you whether the headers have been sent; it tells you when and where they have been sent. By passing two arguments to the function, it will also tell us the file and line number where they were sent and where output of the main body of the request started.

While debugging big applications which include code from several files, I often find myself hunting for a rogue echo or print_r statement that I was using to check data and program flow. With the headers_sent function, the offending statement can be found in seconds.

This is what I did. I edited my php.ini file to add a file to the end of all scripts using the auto_append_file directive. In this file I put three lines of code:

    
if (headers_sent($file, $line)) {
echo("<p><b>Output started by {$file} on line {$line}</b></p>");
}


Simple, elegant and extremely useful.
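A variant of the appended file that avoids printing server file paths to visitors, as an added example that is not the author's code: it always writes the location to the error log and echoes it, HTML-escaped, only when display_errors is enabled. The file name output_origin.php and the helper output_origin() are hypothetical.

```php
<?php
// Added example, not from the original post.
// Hypothetical file output_origin.php, loaded in php.ini with:
//   auto_append_file = "/path/to/output_origin.php"
//
// Caveat: with output_buffering enabled, headers are held back until the
// buffer is flushed, so on small pages headers_sent() can still be false
// when this appended file runs.

/**
 * Return "file:line" where output started, or null if headers are unsent.
 */
function output_origin(): ?string
{
    $file = '';
    $line = 0;
    if (!headers_sent($file, $line)) {
        return null;
    }
    return $file . ':' . $line;
}

$origin = output_origin();
if ($origin !== null) {
    // Always record the location server-side; nothing reaches the client here.
    error_log('Output started by ' . $origin);

    // display_errors may be "1", "On", "stdout", "stderr", "0" or empty.
    $setting = strtolower((string) ini_get('display_errors'));
    $display = filter_var($setting, FILTER_VALIDATE_BOOLEAN)
        || $setting === 'stdout';

    // Only show the path in the page when errors are displayed anyway,
    // and escape it so the file name cannot inject markup.
    if ($display) {
        $safe = htmlspecialchars($origin, ENT_QUOTES, 'UTF-8');
        echo '<p><b>Output started by ' . $safe . '</b></p>';
    }
}
```

On a server where display_errors is off, the page output is unchanged and the location appears only in the PHP error log.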

Saturday, March 18, 2006

Goto My PC for FREE!!!

I was originally going to post this here, but decided to put it on VBF as a tutorial doesn't really suit a blog.


Enjoy.

http://www.vbforums.com/showthread.php?t=393847 - Services like GotoMyPc allow you to access your computer securely from any location in the world via a web interface. But at a price: in this case, $17.95 per month. This, in my opinion, is a little bit costly, as I have worked out how to do it for free.

Saturday, March 04, 2006

XML is Sexy

Over the past few weeks I have been delving into the applications of XML and I must say that I have been pleasantly surprised, not only by the level of support out there for XML but also by its versatility and simplicity. This is a technology that, for the best part, I have ignored until now; I fear that many other developers do the same unless forced to use it.

My latest article at PHP builder is going to be about XSL transformations. XSL (extensible stylesheet language), enables one to describe one type of XML in terms of another. Carrying out a transformation using the stylesheet effectively means that you can convert from RSS->XHTML, WML->XHTML, XHTML->WML, in fact you can convert any kind of XML to any other kind of XML.

Doing this research has also put a few more aspects of web development in perspective. Mainly XML's most popular application (XHTML) and its partners in crime, CSS and JavaScript. I see now the importance of separating these three technologies when designing web pages and ensuring that any CSS and JavaScript is included in separate files via links.

For XML the future looks bright; it does have a lot of potential, some of which is already being milked (look at the Firefox web browser for example). As web technologies continue to merge with desktop applications and personal Internet connections continue to increase in speed, XML will be creeping in the background, enriching and revitalising our online experience.