Friday, December 25, 2009

Writing Code in a New Language

I'm not a developer by profession. I do enjoy a little bit of programming though. It keeps me from being utterly bored with a job that is mostly following procedures put down by me or someone else. Also, considering that we do a lot of source code reviews, it makes sense to learn how to write secure code. So I decided to learn PHP. I learnt a few things along the way which should apply to any language, so I thought I'd share them here.

-- Decide your requirements first of all. What do you need to do? You only need to learn just enough of the language to do that.

-- Don't sit down with a huge 800-page book and learn its syntax inside out. It'll only get you frustrated. You might not want to learn a lot of it right now, so read just enough that you can start writing. It's best to start

-- Once your requirements are clear, decide your program flow. What should happen when you click on that link? Where should it go? Get that entire flow clear in your head, and even draw a little diagram to make sure you're clear about it.

-- Once your "click click" flow is clear, design your database, if you have one. Decide which clicks need to display something on the screen; those clicks will most probably need DB interaction. Based on what data you need to display, create your database and as many tables as you can. Don't make it too complex at this stage; design only as much as you can think of and visualize clearly. The further ahead you can think, though, the easier you will find it at a later stage.

-- Once your database architecture is clear, decide which part of your code needs to read from which table and which part needs to write. Create database users and GRANT rights accordingly, so each part of the code runs with only the rights it needs. Again, as above, you can change this as you code, but the further you can envision here the easier it is.

-- Document all your database queries, all your GRANTs, everything. You'll be surprised at how helpful it is when you want to recreate things from scratch. And trust me, when you're new to a language you WILL recreate from scratch, many times ;)

-- Now read your first requirement and write pseudocode for it. Decide what function names you will use, and try to maintain a pattern here. You'll be surprised how much you forget about your own code.

-- Once you know the structure of your code, open all the online references for the relevant functions, as well as your book if you studied from one. Find out whether there is existing code or a built-in function that already does what you want to do (remember your requirements phase?).

-- Start coding. Run the code regularly. After every 10-20 lines, print things out and check that they are working as you expected. This is much better than writing 200 lines and finding out nothing works. Later, when you're experienced (even then, I wonder), you might not need this approach, but initially, when you're getting your feet wet, please code-run-code-run as much as you can.

-- Enable warnings, strict mode and every security protection you know of from the moment you start coding. It helps you see what you're doing wrong.
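The two points above about GRANT rights and about turning warnings on are easy to show in code. The bootstrap below is an added example, not code from the original post: it switches on every warning PHP can raise, turns warnings into exceptions so they cannot be missed during the code-run-code-run loop, and reaches the database through two accounts, one that may only read and one that may only write, whose GRANTs are recorded in a comment so they can be recreated from scratch. It assumes PHP 7 or later with PDO and MySQL; the schema name `appdb`, the accounts `app_reader` and `app_writer`, the table `articles` and the environment variables holding the passwords are all made up for the example.

```php
<?php
// Added example (not from the original post). Assumes PHP 7+, PDO with the
// MySQL driver, and a schema "appdb" with a table "articles"; the account
// names, table and environment variables below are constructed for the example.
declare(strict_types=1);

// 1. Be loud about mistakes while developing. E_ALL covers notices,
//    deprecations and strict-standards warnings in PHP 7+.
error_reporting(E_ALL);
ini_set('display_errors', '1');   // developer box only; set to '0' in production
ini_set('log_errors', '1');       // always keep a log, even when display is off

// Promote every warning and notice to an exception so nothing slips past
// unnoticed between one run and the next.
set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
    if (!(error_reporting() & $severity)) {
        return false; // suppressed with @ or outside the current error_reporting level
    }
    throw new ErrorException($message, 0, $severity, $file, $line);
});

// 2. Least-privilege database accounts. The GRANTs below document what each
//    account may do; run them once as the database administrator (MySQL syntax):
//
//    CREATE USER 'app_reader'@'localhost' IDENTIFIED BY '<reader password>';
//    GRANT SELECT ON appdb.articles TO 'app_reader'@'localhost';
//    CREATE USER 'app_writer'@'localhost' IDENTIFIED BY '<writer password>';
//    GRANT INSERT, UPDATE ON appdb.articles TO 'app_writer'@'localhost';
//
// Pages that only display data get the reader handle; pages that change data
// get the writer handle. Neither account can DROP, ALTER or touch other tables,
// so a bug in a "display" page cannot be used to change anything.

function connect(string $user, string $password): PDO
{
    return new PDO('mysql:host=localhost;dbname=appdb;charset=utf8mb4', $user, $password, [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // fail loudly, like the warnings above
        PDO::ATTR_EMULATE_PREPARES   => false,                  // real server-side prepared statements
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

// Read side: the "show me the article" click. Only ever given the reader handle.
function fetchArticle(PDO $reader, int $id): ?array
{
    $stmt = $reader->prepare('SELECT id, title, body FROM articles WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

// Write side: the "save my edit" click. Only ever given the writer handle.
// Returns the number of rows changed.
function updateArticleBody(PDO $writer, int $id, string $body): int
{
    $stmt = $writer->prepare('UPDATE articles SET body = :body WHERE id = :id');
    $stmt->execute([':body' => $body, ':id' => $id]);
    return $stmt->rowCount();
}

// Usage. Passwords come from the environment (or a config file outside the
// web root), never from the source file.
$reader  = connect('app_reader', getenv('APP_READER_PW') ?: '');
$writer  = connect('app_writer', getenv('APP_WRITER_PW') ?: '');
$article = fetchArticle($reader, 1);
if ($article !== null) {
    updateArticleBody($writer, 1, $article['body'] . "\n(edited)");
}
```

Keeping the two connections in separately named variables makes the split visible in the code itself: if a display page ever ends up calling `updateArticleBody($reader, ...)`, the database refuses the UPDATE and, with `ERRMODE_EXCEPTION` on, the page fails loudly instead of silently doing nothing.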

-- Lastly, comment your code. Please. PLEASE.
