PHP programmer
Discussion
Dave_ST220 said:
The developer wrote the lot, from scratch. I gave a detailed spec of what was needed & off we went. It was tested in the sandbox for the 3DS & processor & tested again when live. I have no idea why it stopped working other than an Apache upgrade or PHP upgrade. Starting again would obviously be the best bet but this system does everything, invoicing, payments, products etc etc. It would take weeks if not months to setup all again. It took them months to write it all in the first place!
As I've said I'm not here for finger pointing, I could quite easily name the person who wrote it but that isn't going to achieve anything. They left me in the s
t with bits not working which over the years I've fixed. The code IS a mess, unused parts & scripts exist so it's hard to work out what is going on. As I've said I'd pay someone to go through it all and clean it up but no one wants to do that. Sooner or later I'll have to bite the bullet and get an off the shelf package & re-write the whole site.
Anyway, another band aid that was applied got it working as it should, it takes payments and passing PCI scans so at the moment I have some more time.
One pitfall to bespoke, if the person that did it "disappears" you are left with a big fking mess & headache, never again!
ETA, this was all written in 2008/2009 by memory so it's worked fine for quite a while!
Cripes!As I've said I'm not here for finger pointing, I could quite easily name the person who wrote it but that isn't going to achieve anything. They left me in the s
t with bits not working which over the years I've fixed. The code IS a mess, unused parts & scripts exist so it's hard to work out what is going on. As I've said I'd pay someone to go through it all and clean it up but no one wants to do that. Sooner or later I'll have to bite the bullet and get an off the shelf package & re-write the whole site.Anyway, another band aid that was applied got it working as it should, it takes payments and passing PCI scans so at the moment I have some more time.
One pitfall to bespoke, if the person that did it "disappears" you are left with a big f
king mess & headache, never again!ETA, this was all written in 2008/2009 by memory so it's worked fine for quite a while!
Edited by Dave_ST220 on Tuesday 9th February 08:38
In that case there's no real defense then unfortunately. Naughty programmer!
If you've got any bits that scare you, or you don't understand, or you want to clean up you can ask me if you want - I do php back end stuff for a large corporation.
I'm used to approaching other people's code with a sense of trepidation...
Just send me an IM if you fancy a hand.
Dave_ST220 said:
I can see a config.php file that is full of references like this :-
$result = mysql_query($sql);
So I guess that's me fked 
Smart.
I'd be surprised if your host upgraded to PHP7 without asking you, or providing you an alternative, so I wouldn't worry too much about that.$result = mysql_query($sql);
So I guess that's me f
ked Smart. Would you mind providing a link to your website? I'd like to test something for you.
The server was moved late last year, but as stated the line of code I added has got it working again. Now my concern moves to someone who knows what they doing looking at the code & letting me know the score! Starting again really would be hell on earth though. In fact if that were the case then I'd scrap it and get an of the shelf package as having something custom written again wouldn't be worth the hassle. I went through all of this with the hosting company but they seem to have grown since they last helped me & don't want to get involved, fair enough really as code issues are not their problem.
Durzel said:
Dave_ST220 said:
I can see a config.php file that is full of references like this :-
$result = mysql_query($sql);
So I guess that's me fked Smart.
I'd be surprised if your host upgraded to PHP7 without asking you, or providing you an alternative, so I wouldn't worry too much about that.$result = mysql_query($sql);
So I guess that's me f
ked Smart. It's not necessarily a massive deal, it all depends on how many calls to the database there are - some things are just done a little differently. It isn't just a case of changing function names, though. There's two different things to address - one is to change the database calls to a more modern method that are still supported, the other is to then take advantage of some of the features those functions offer. If the cart was written back in 2008-2009, it's not such a mortal sin to be using those old functions as it would be if it was more recent.
I also should say I have no commercial experience of writing or deploying PHP systems, so anyone who talks about real-world things that hosting companies do knows more than I do. I do spend some time on a PHP forum and it's frightening how many people are still being taught how to write with these old functions, though.
Durzel said:
I'd be surprised if your host upgraded to PHP7 without asking you, or providing you an alternative, so I wouldn't worry too much about that.
Would you mind providing a link to your website? I'd like to test something for you.
Yeah they only upgrade if a PCI scan requires it or they have decided it needs doing for security. Let me know your email address & I'll send you a link. ThanksWould you mind providing a link to your website? I'd like to test something for you.
Dave_ST220 said:
The server was moved late last year, but as stated the line of code I added has got it working again. Now my concern moves to someone who knows what they doing looking at the code & letting me know the score! Starting again really would be hell on earth though. In fact if that were the case then I'd scrap it and get an of the shelf package as having something custom written again wouldn't be worth the hassle. I went through all of this with the hosting company but they seem to have grown since they last helped me & don't want to get involved, fair enough really as code issues are not their problem.
If the rest is working then it might not necessarily need a full rewrite. The main problem with trying to fix one part of it, particularly involving money, is that changing it so that it's right and things are stored in the correct way has the potential to break things all over the place by virtue of the fact that the original programmer would've written the rest of the site assuming data to come out of the database in a specific (wrong) format.That said nothing is insurmountable - you could store it properly and write a "wrapper" to the rest of the code that returns it in the "broken" format, if that makes sense. That's all in the detail of working on it though.
Well, they may not have known.
Ultimately it ran well enough for however long, didn't it?
PHP/MySQL made a lot of the current web possible, although many sites were written quite badly by single developers muddling through, without any formal training or education in 'the right way' to write code or implement databases.
If you did start a site in such a way it would be prudent once you have enough cash to engage a reputable developer or firm to go over the code and look for vulnerabilities.
And no, I wasn't OP's developer - although I am probably responsible for writing some equivalently hacked about code in the very distant past!
Ultimately it ran well enough for however long, didn't it?
PHP/MySQL made a lot of the current web possible, although many sites were written quite badly by single developers muddling through, without any formal training or education in 'the right way' to write code or implement databases.
If you did start a site in such a way it would be prudent once you have enough cash to engage a reputable developer or firm to go over the code and look for vulnerabilities.
And no, I wasn't OP's developer - although I am probably responsible for writing some equivalently hacked about code in the very distant past!
Dave_ST220 said:
Yes that makes sense mate, what's puzzling is why the original programmer decided to write it like this! Only they can answer that one. Hint hint.
Not knowing the full rationalle behind the coder's decision there, the only thing I'd criticise about that code at this point is the lack of comments. For me that is inexcusable. Look at it, It's not good code, but sometimes you have to put in a quick workaround to get things finished.
So (and I'm not saying you did this, just an example) if you put him under pressure to get it working by March 1st, and on Feb 27th you give him access to your server, only to find that the database is acting weirdly, a quick fix with a comment e.g. /* todo fix the DB locale issue causing numbers > 1000 to be formatted 1,000 */ is fine. After all, it worked for X years until somebody fixed whatever the underlying issue is. And had it been commented, it would have been an easily identified solution.
Edit: and no it wasn't me that wrote it
Edited by budgie smuggler on Wednesday 10th February 09:33
essayer said:
Well, they may not have known.
Ultimately it ran well enough for however long, didn't it?
Yep, AFAIK it did, I'm not here to dispute that, I was just taken back a little when some posts implied that the code shouldn't be near a live site.Ultimately it ran well enough for however long, didn't it?
budgie smuggler said:
Not knowing the full rationalle behind the coder's decision there, the only thing I'd criticise about that code at this point is the lack of comments. For me that is inexcusable.
Look at it, It's not good code, but sometimes you have to put in a quick workaround to get things finished.
So (and I'm not saying you did this, just an example) if you put him under pressure to get it working by March 1st, and on Feb 27th you give him access to your server, only to find that the database is acting weirdly, a quick fix with a comment e.g. /* todo fix the DB locale issue causing numbers > 1000 to be formatted 1,000 */ is fine. After all, it worked for X years until somebody fixed whatever the underlying issue is. And had it been commented, it would have been an easily identified solution.
Edit: and no it wasn't me that wrote it
The lack of comments certainly makes my life harder, had it all been commented then fixing issues would be quite simple by the looks of it! As to why they did it I haven't a clue, for the record they were never put under any pressure, in fact a project that was original going to be months ended up being years!Look at it, It's not good code, but sometimes you have to put in a quick workaround to get things finished.
So (and I'm not saying you did this, just an example) if you put him under pressure to get it working by March 1st, and on Feb 27th you give him access to your server, only to find that the database is acting weirdly, a quick fix with a comment e.g. /* todo fix the DB locale issue causing numbers > 1000 to be formatted 1,000 */ is fine. After all, it worked for X years until somebody fixed whatever the underlying issue is. And had it been commented, it would have been an easily identified solution.
Edit: and no it wasn't me that wrote it
Dave_ST220 said:
I was just taken back a little when some posts implied that the code shouldn't be near a live site.
I think it all depends on perspective, as some of the comments have also shown. I used to work for a company that developed vertical market software, we had the market leading package in two markets for quite a number of years, but survived without any of the formal testing approaches, code reviews, all sorts of stuff that programmers in larger companies would swear by. I'm not saying they're not bad things, if you have the resources, but a lack of them doesn't mean code is bad. Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff