Re: Never, never, never

by jhourcle (Prior)
on Apr 23, 2005 at 16:54 UTC

in reply to Never, never, never

A couple more for you (with merlyn's clarification), based on what I've learned over the years:

  • Never use programs from Matt's Script Archive (technically, this goes into the whole 'never run something without understanding what it's doing' category)
  • Never assume that a file/socket/db handle/whatever opened successfully
  • Never write your own CGI parsing routines without a really good reason to avoid CGI or CGI::Lite
  • Never use the single argument form of exec or system
  • Never test for taint by looking for known bad characters. (instead, look if there are any characters that aren't known to be good).
  • Never pass input to exec or system without first checking for taint.
  • Never assume that e-mail happens immediately, or reliably.
  • Never trust a Sicilian when death is on the line
  • Never waste time optimizing your code before you know where the real bottlenecks are. (see Optimization: Your Worst Enemy and Premature Optimization)
  • Never assume that what you're writing is going to be short lived (unless you delete it immediately after writing it).
  • Never forget the importance of descriptive, unambiguous variable, function, and package names, or the importance of comments and documentation

I'll probably have more to add later....
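
The exec/system and taint items above, put together as an added example that is not part of the original post: an allowlist check that untaints input, the list form of system, and a check of its return value. The `clean_filename` helper, its pattern and the sample inputs are assumptions made for illustration; run it as `perl -T script.pl [names...]`.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;

# Taint mode refuses to run external programs with an inherited environment,
# so set a fixed PATH and drop variables a shell could act on.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Hypothetical helper: accept a name only if every character is known good.
# Returning the regex capture is how Perl untaints a value; anything that
# does not match is rejected instead of being "cleaned up".
sub clean_filename {
    my ($input) = @_;
    return unless defined $input;
    # First character may not be '-' or '.', so no option-like or dot names;
    # \z (not $) means a trailing newline does not slip through.
    return $1 if $input =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/;
    return;
}

# Command-line arguments are tainted under -T; with none given, fall back
# to constructed sample inputs.
my @inputs = @ARGV
    ? @ARGV
    : ('report.txt', 'notes; rm -rf ~', '-rf', "a\nb", '../etc/passwd');

for my $raw (@inputs) {
    my $name = clean_filename($raw);
    unless (defined $name) {
        (my $shown = $raw) =~ s/[^\x20-\x7e]/?/g;   # keep log output printable
        print "rejected: $shown\n";
        next;
    }

    # List form: no shell parses the command line, so $name reaches ls as
    # exactly one argument. '--' ends option processing.
    my $rc = system('ls', '-l', '--', $name);

    # Never assume the command ran, or that it succeeded.
    if ($rc == -1) {
        warn "could not run ls: $!\n";
    } elsif ($rc != 0) {
        warn "ls exited with status ", $rc >> 8, " for $name\n";
    }
}
```

With the constructed inputs, only `report.txt` reaches `ls`; the other four are rejected before any command is built.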

Replies are listed 'Best First'.
Re^2: Never, never, never
by Forsaken (Friar) on Apr 23, 2005 at 19:24 UTC
    - Never assume any knowledge whatsoever on the side of the user, which leads to: always, always, always check user input before processing, in whatever form it may take.

    - Never assume a subroutine/command has processed a call successfully when said subroutine/command goes through the trouble of reporting whether or not it did, and in that light, always endeavour to write subroutines that have clear and concise error reporting as well as a return value that reports if the command was executed successfully.

    Those are mostly rules I try to stick to myself, but a lotta folks I know feel the same way about it.

    Remember rule one...
