I am new to the world of coding as well as PHP. As I am looking at putting together a minor web application for a small client, how do I get my code reviewed without giving away what the client considers to be private to them so that I know my code is well-written, adheres to standards and is secure?
- Hire a consultant to review it. – Jared Farrish May 21 '11 at 07:59
- @Jared Farrish - Thanks. Considering the project is minor i.e. possibly 2 pages at most, hiring a consultant would be overkill. Are there any other options? – PeanutsMonkey May 21 '11 at 08:01
- @Darin Dimitrov - None of my friends are developers. – PeanutsMonkey May 21 '11 at 08:02
- You might contact a university professor that teaches in/knows PHP and see if they would review it for you. In all probability, the "threat" of theft is overblown, in most cases. – Jared Farrish May 21 '11 at 08:04
- Why did you take the `minor web application` if you are `new to the world of coding as well as PHP`? My advice is to start learning the basics of PHP, try developing a `minor web application` following a tutorial and after doing that, you probably won't need code review – Andrei Sfat May 21 '11 at 08:05
- @Andrei Sfat - I took the minor project as a way to challenge myself. I have been learning the basics of PHP and have written several minor web applications however I am unsure if my coding adheres to standards, is secure, etc – PeanutsMonkey May 21 '11 at 08:07
- @Andrei Sfat - I am sure even the most proficient developers must have their code reviewed in some form or shape. I would be surprised that no one would ever have their code reviewed. How would you know otherwise it could be done better, more securely, be optimized, etc? – PeanutsMonkey May 21 '11 at 08:38
3 Answers
You don't. You get a trusted individual/company, sign NDAs, and have legal protections.
How to choose somebody is a double-edged sword: There are definite benefits to having the client make the decision of who to hire, which takes you out of the equation in case anything goes badly... however, you also don't want somebody who is there to 'steal' your business.

- @John Green - PageSpike - Thanks. I appreciate hiring a company however considering the project is minor just 2 pages, what other options do I have available to me? I can certainly recommend that the client hire someone however this is most unlikely as the project is too small to justify the cost and this is to ensure what I am coding is up to scratch. – PeanutsMonkey May 21 '11 at 08:05
- Well, how private do you think the information could be if it is so small? – John Green May 21 '11 at 08:09
- @John Green - PageSpike - The client considers it private considering it includes some of their intellectual information. However even if they did not have intellectual information, they have requested that code be kept private and hence I have to oblige by their requirements or I lose the opportunity to develop a real world application. The reason I am keen to take it on is so that I get to work on my knowledge of coding and gain experience. – PeanutsMonkey May 21 '11 at 08:12
- Is your client concerned? Do they want assurances? If you're doing it for your own edification, but don't want to disclose the code your client has paid for, then see if you can find a competent coder that is willing to help you review the code. "Two pages" is not a significant amount of code in the abstract. – Jared Farrish May 21 '11 at 08:12
- @Jared Farrish - They are not concerned. All they have requested is that the code not be shared. Point taken on hiring a competent coder. Guess it would have to come out of my own pocket as I am doing it for both their benefit as well as mine. – PeanutsMonkey May 21 '11 at 08:14
- @Jared - Agreed. I was actually thinking I'd look at it for free if it is only 2 pages. Of course, next thing is he's going to tell me that he's got 2 files, each of which is 8K lines with 40 classes each. Or worse, it is all one procedural mess. : ) – John Green May 21 '11 at 08:58
- @PeanutsMonkey - If you'd like, I'll look. However let it be known that I'm taking no 'consideration' for this (fancy way of saying not getting paid) and I am only making recommendations, not providing any warranty to the code itself. And if there are any lawyers here, let me know if I missed anything in the 'getting sued' department. : ) – John Green May 21 '11 at 09:02
- @PeanutsMonkey - It takes years to develop as a scripter/developer, and finding someone to help who already has competencies in the areas that you feel you lack is a good thing. You have to start somewhere. – Jared Farrish May 21 '11 at 14:52
- @John Green - PageSpike - Actually I am hoping it'll be small enough for me to learn from and thanks for the offer. There won't be any lawyers involved nor am I expecting you to make warranties. What I would like though is someone to give me constructive criticisms. If I can, I'll post it on code review. – PeanutsMonkey May 21 '11 at 19:56
- @Jared Farrish - Thanks. I can appreciate it takes years to gain experience and become a good developer but what I was hoping for is tools that help me identify weaknesses in my code. Secondly I was also hoping someone could teach me to identify my own mistakes and how I can do code better. – PeanutsMonkey May 21 '11 at 19:58
- @PeanutsMonkey - Take John up on his offer. Without openly providing the code, crowd surfing a code review is difficult. Concentrate on what's between the ears: There are things that can help you check your code organization, such as http://stackoverflow.com/questions/378959/is-there-a-static-code-analyzer-like-lint-for-php-files, maybe try some [fuzzing](https://www.owasp.org/index.php/Fuzzing), and investigate [unit testing](http://www.simpletest.org/). Also, read [EE's Security Guidelines](http://expressionengine.com/user_guide/development/guidelines/security.html). – Jared Farrish May 21 '11 at 20:26
- @PeanutsMonkey - Actually, it might be beneficial to read all of EE's guidelines: http://expressionengine.com/user_guide/development/guidelines/index.html They deal with a lot of graphic designers who aren't real coders, so their approach is rather straightforward and includes a lot of good best practices. – Jared Farrish May 21 '11 at 20:31
- @Jared Farrish - Thanks. I'll certainly have a read of the guidelines. – PeanutsMonkey May 22 '11 at 19:47
You can obfuscate what the client considers private and post it on https://codereview.stackexchange.com/.
And there are all sorts of tools, e.g.:
http://pear.php.net/manual/en/package.php.php-codesniffer.php

Hiring a consultant is your best bet.
If you have specific, small chunks of code to review then https://codereview.stackexchange.com/ may be of interest.
See also this question, for automated ways to check your code quality.
- Would these tools 'tell me' if my code is not secure as an example? – PeanutsMonkey May 21 '11 at 08:09
- @PeanutsMonkey: If security is a concern then employing another pair of eyeballs is the best approach. – johnsyweb May 21 '11 at 08:28