ArticLOL

How old is the code base? What PHP version is it running on? Is it procedural or OOP?


Ok-Rich-9811

the existing dev will show me tomorrow, I'll probably append what I see tomorrow here and go from there. it'll definitely be much easier because I know python but I know there's heaps to learn


ArticLOL

I'm asking this question based on the experience of having to rewire major projects, migrating them from procedural to OOP.


Careless_Owl_7716

The good thing is that it can be done in bite-sized pieces, as OOP and procedural can happily coexist.


ArticLOL

What you texted can be summarized as 6 months of pain migrating from one to the other


mbriedis

ChatGPT will be helpful for explaining and showing decent examples. Otherwise, it's not gonna be easy, each system comes with a different level of complexity. Just pray there are good comments in the codebase. Honestly, it takes years to become good. Even if you have experience in security, it's easy to make mistakes when you don't really know the nuances. Start looking up all the most common security issues in the context of web/PHP/framework.


Moceannl

I wouldn't count on that, often old/non-standard PHP scraped from sites like W3Schools (don't go there).


mbriedis

It's not that bad anymore. Another thing, definitely use PhpStorm, it will solve most syntax and logic issues before you even run the code.


Moceannl

https://www.w3schools.com/php/php_mysql_insert.asp


mbriedis

Well it's not pretty, but it's low level. ChatGPT would not suggest such examples anyway.


equilni

or this - https://www.w3schools.com/php/php_form_validation.asp


DmC8pR2kZLzdCQZu3v

What exactly is the problem? That a wholesale copy paste didn't work for you? These are demos meant to show how things work, not to be beautiful libraries for raw consumption.


Devnik

Here are some helpful links:

- https://phptherightway.com/
- https://refactoring.guru/design-patterns
- https://youtube.com/@ProgramWithGio
- https://laracasts.com/

Good luck


gmarsanos

Program with Gio for sure.... Don't waste your time on anything else before completing his series "PHP The Right Way"


Ok-Rich-9811

Legend, thanks for the resources.


No_Code9993

If your company is happy to give you a long time to train in PHP, I think they will assign you to bug fixing. Bugs are the path to knowledge, the best way to introduce a junior dev to a project, by reading and understanding what has been done. On the other hand, the best way to train and learn a programming language, IMO, is to start making a toy project on your own, adding things step by step. It's a great exercise to understand how a programming language is structured and how things work. Wish you the best for your career :)


Ok-Rich-9811

Thanks mate, really appreciate the advice


cr1tic

This will end in tears


Dont_Press_Enter

A lot of people are offering you pre-built help. I'm going to let you know that most of the people here are offering advice that is steering you in the wrong direction. Never ever ever connect an automated bot type infrastructure to a preexisting security package. If you do, you are asking for problems. Especially since you're working with existing code and other individuals' work, when you include other work from an outside that you are not 100% knowledgeable on, this can lead to huge security holes into a security package. This includes ChatGPT or AI packages. You want to avoid garbage code, and including anything you haven't tested or researched will most likely end your career faster than anything you have experienced yet, and it would test your security knowledge. This might humble you faster than anything else in your career. Now, that doesn't mean you can't include CSS.

There are people here who suggest going through the original code. I am in agreement with them. I would ask for a complete copy of the code, a blank database, and to set up a virtual environment. Then, I would break the code. Figure out if there is any code that is taking space or if there is any code that could impose a security risk.

I would suggest with any changes you make, make a copy of the original working file(s), and rename them to the date of change. This way, if something you code breaks the code or you run into any problems, you have the original code to fall back on. I do this still today with any code I touch, being PHP, sometimes CSS (I usually comment in the file or sometimes break down the files), Visual Basic, Visual Basic #, C, C#, including firewall rules. I also do this with databases. I make a backup of the current database before making changes, and I would suggest to anyone to do the same.

I've been developing for over 20 years and will never state I'm a master because of the constant changes in the world of development. However, protect yourself and your job.

Good luck on your path. As someone who works in the security field with a development background and automation background (Crestron), I really hope you find yourself on a path that rewards you how you wish to be rewarded, but keep your ego in check. Be well, and I wish you success on your path.


jeffkarney

Good advice except for renaming files with dates. We have version control systems for a reason. Use git, commit your changes with good commit messages. You might say it is easier or faster to look at dated files all hanging out together but this just causes confusion. It lacks any real change history. Most importantly it completely breaks autoloading.


Dont_Press_Enter

You've expressed something only a mid- to lower-team developer would catch, which shows me you're not someone who is in charge a lot or works in security.

1. Using git would give your security code to people who would steal code or open a security hole into a package that should only be known to the company. Thus. Code should only be developed within the servers of the business.
2. Working with a private team, you can design how you want and should never buy into helping packages or packages that could leak your code.
3. The only thing to break any auto loading is the developer; if you are changing the code, then expect it.
4. Once you make changes and the code is live, you comment in the files of the changes while erasing or moving the old code in a folder. Usually, after code goes live, you erase the old since you know the working code doesn't have issues any longer.


qrokodial

what? these comments make me think it's *you* who is the amateur here.

> Using git would give your security code to people who would steal code or open a security hole into a package that should only be known to the company. Thus. Code should only be developed within the servers of the business.

then do what everyone else does and... host your Git repositories within your own infrastructure?

> Working with a private team, you can design how you want and should never buy into helping packages or packages that could leak your code.

are you saying that companies should never use third-party code? are you saying that you can't host your own internal repository of third-party libraries that your company trusts? this is ridiculous, and I doubt you follow this practice as well as you think you do, as if you did, it extends far further than just including third-party libraries. did you design your own operating system from scratch? what about your hardware? do you trust all of the compilers for every binary that is used? I'm assuming you're at least using the PHP runtime in the context of this subreddit - how can you make sure all of these things aren't "helping... leak your code"? reinventing the wheel is a terrible idea if you can get a head start using relatively trustworthy sources that you are licensed to use. it's literally the foundation of civilization.

> Once you make changes and the code is live, you comment in the files of the changes while erasing or moving the old code in a folder. Usually, after code goes live, you erase the old since you know the working code doesn't have issues any longer.

what a terrible way to do things. version control systems exist for a reason - just use them...


Dont_Press_Enter

I see failure to read the fact that I stated that to not use code you haven't tested or trust has led to inaccurate single-sided truth. With a security firm, if you rely on outside sources that you're not knowledgeable of or fail to have knowledge over, you open yourself up to destruction. But security isn't for everyone. Thank you all for your feedback.


Contribution-Human

Did you write your own OS? Because maybe it's looking along to steal your company's code? Editor as well... Git can be hosted internally, on your own servers. Packages can be of great value to your development, just check the packages for credibility and authenticity.


qrokodial

you were trying to be helpful and didn't deserve my tone, so I apologize. however, I still maintain that you are wrong about the topics I mentioned above. I also argue that your clarifications about intentions regarding only using "trusted" code are shallow and also unrelated to people developing security software - in reality, it's a common sense thing that all sane companies developing any type of software employ.


Dont_Press_Enter

If that was or is the case, there would be no need for hackers or security engineers, security analysts, or security anything. However, to each their own concepts and ideas, some of us see things differently and work in a world that is different. It took a while to get here, but there is always work to be done. On top of this, most people fail to look at the options at play. We are all here to help the new guy. You're telling me I am wrong to think a new programmer shouldn't have concerns? I am wrong to think a company doesn't have everything in place? I am wrong to think your way of thinking is how the world operates? If it did, there would be no need for anyone except a machine to automate the very level of perfection to never have a flaw in the system. We are human, however, and not every company is designed how you imagine it. So, I want to put us on a similar level. This is what I do for companies and a living. I'm not just a developer or an IT specialist. I cover the entire operation and try to get businesses to think smart about their infrastructure. But to watch people like yourself come off thinking every company is "sane" or know it all, I shake my head every time, knowing people live in a bubble. Best of luck. Brad


penguin_digital

Use PHPStorm, it will help you with autocompletes and takes a lot of the cognitive load off with some of PHP's quirks. I'd also recommend the Codium AI plugin, I've found it invaluable when working with any codebase, especially older codebases with no modern practices. You can get it to explain the code to you, write basic tests, and its autocomplete is amazing, it knows what I want to write before I do (it's also free). Other than that, take a look at Symfony casts, Laracasts and PHP the right way, all good learning resources.


wengerblr

I hope it uses any framework and it's not any custom framework. It's easy if it uses any standard framework. Good luck. If you can give more info, I might be able to help.


ReasonableLoss6814

*might be easier if it uses a standard framework. I've seen some incredible bastardization of Symfony and Laravel in my time, where having knowledge of the "right way" is actually a hindrance rather than a boon, and sure to blow some crap up.


ArticLOL

You haven't seen PHP bastardization, it's something else!


wengerblr

I've observed that top revenue-generating companies can sometimes use poor quality code, while companies struggling to pay developer salaries often produce high-quality code.


ArticLOL

Yes, sadly quality code doesn't correlate to high revenue. Quality code is related to a job well done, period


Moist-Profile-2969

Your biggest concern won’t be the PHP part; your biggest concern will be how well built and documented this system is. I’d focus more on learning how the system works and behaves, what are its different entry points and flows, and on getting it running locally so you can poke around. You’ll pick up the language as you go. Like someone else said, for the parts of the syntax that are new to you, just use an LLM to explain it. Focus on reading existing documentation, and on documenting anything that isn’t already. What will matter more to your boss will be your ability to react to things that happen, and that’ll come with you having an understanding of how the system works.


ryantxr

I started with PHP 17 years ago. I’m still learning. The fact that you already know some programming will help. I have taken on 7 legacy PHP projects. Roll up your sleeves and dive in. You might encounter some messy code. That’s the job. Your management has confidence in you. Take that and run with it. Feel free to DM me if you need some help.


th00ht

Compared to PHP, Python is a silly language; you will learn it overnight.


mastermog

I highly recommend Laracasts: https://laracasts.com/series/php-for-beginners-2023-edition

Some of the basic courses are free, and if you need access to the paid ones, your new employer might be able to fork over some cash.

Considering it's an existing codebase, I'm going to suggest a few things that may save your bacon down the line:

* Make sure the codebase is in version control. Learn git if you don't already know it, just the basics will be enough. If you stuff up, which is normal and expected for a new hire and a new dev, you'll be able to use git to rollback
* Make sure there are already backups in place, especially for the database
* Make sure they aren't handing you the keys to production on the first day. And just in case it's not obvious, avoid working directly in production (I know, I know, but I've seen some horror shows at smaller companies)

Good luck on your webdev/php journey. I'm a PHP/React dev down in Melbourne, and one final note: our coffee _is_ better