Previously, I've talked about what I consider to be the first two rules of software development:
The first rule was simple: “Don't Trust the Users”. It seems to have met with pretty well unanimous agreement from around the community, especially from security folks. My second rule – “Consistency” – was a little less clear but tends to focus on doing the same thing the same way every time… until you learn a better way. It doesn't matter whether it's coding standards, security, etc. Doing it the same way helps people understand. Which
I've struggled with the best way to present this point and have just decided to say it.
The Third Rule of Software Development is:
Someone is probably smarter.
Except that doesn't capture it completely…
It may be that someone else has been doing it longer and has a deeper understanding than you.
It may be that the code you're writing – not necessarily the whole application – is not new, creative, or innovative, and many have explored the space before.
Or it could be that someone else is smarter.
All of these boil down to the same thing:
Know your tools and understand their capabilities.*
Quite often people will roll code to do some little thing. They fight with it, there are all kinds of little bugs, and it solves most of the problems most of the time… but at some point it breaks down.
The most common example I've seen of this one is removing tags from html input. Most people attempt some form of string replacement, then regular expressions, and a variety of other ideas. As they find more holes, their functions get bigger and nastier until they dread opening that file. They curse life every time someone adds a new tag and forces them to dig into it yet again.
What they don't realize is that this “complex” problem is actually very common and can be solved with the simple strip_tags function.**
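As an added illustration (not code from the original post), here is the kind of hand-rolled regex stripper described above next to PHP's built-in strip_tags, run over a handful of constructed inputs; the naiveStripTags name and the sample strings are my own.

```php
<?php
// Added example, not code from the original post: a hand-rolled tag stripper
// of the kind the post describes, beside PHP's built-in strip_tags(), run
// over constructed inputs so the differences show up in the output.

// A typical first attempt: one regular expression for "anything in angle brackets".
function naiveStripTags(string $html): string
{
    // Assumes every tag starts with a letter and is properly closed with '>'.
    return preg_replace('/<\/?[a-zA-Z][^>]*>/', '', $html);
}

// Constructed inputs, each chosen to exercise a case a hand-rolled version tends to miss.
$samples = [
    'simple'     => '<p>Hello <b>world</b></p>',
    'comment'    => 'visible <!-- hidden comment --> text',
    'php-block'  => 'before <?php echo "x"; ?> after',
    'unclosed'   => 'text <b truncated tag, never closed',
    'attributes' => '<a href="http://example.com" title="t">link</a>',
];

foreach ($samples as $name => $html) {
    printf("%-10s naive:    %s\n", $name, var_export(naiveStripTags($html), true));
    printf("%-10s built-in: %s\n\n", '', var_export(strip_tags($html), true));
}

// strip_tags() accepts an allow-list of tags, but it leaves the attributes of
// those tags untouched: it is a tag remover, not an output sanitiser. Text that
// goes back into a page still needs output encoding.
$kept = strip_tags($samples['attributes'], '<a>');
echo "allowed <a>:   $kept\n";
echo "HTML-encoded:  " . htmlspecialchars($kept, ENT_QUOTES, 'UTF-8') . "\n";
```

Run it with the PHP CLI and compare the two columns; the comment, processing-instruction and unclosed-tag inputs are where the regex version and strip_tags part ways.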
If you have to depend only on your own understanding, experience, mistakes, etc., to get better, it's unlikely you ever will.
This is yet another reason to connect with your local (or maybe not local) users' group. You can benefit from the knowledge and experience of everyone else and occasionally share some of your own. Because after all… just because you are new to one concept doesn't mean you're new to all of them or will remain that way.
* And of course, none of this means you're stupid:
Ignorance is the state in which one lacks knowledge, is unaware of something or chooses to subjectively ignore information. This should not be confused with being unintelligent, as one's level of intelligence and level of education or general awareness are not the same.
** In researching and testing some searches for this post, I tried the above situation and searched for various things along the lines of: “php remve html from input” (no quotes) and happened upon a 45+ post thread discussing regular expressions for removing html tags before someone finally mentioned “strip_tags”. The second page was the documentation for strip_tags.