Top 6 things you need to know when programming for the web

by John Avis | January 20, 2015 | Web Development

Over fifteen years of developing for the web, I've learned some lessons the hard way. There are some things they don't teach you in books and tutorials.

If you build it they will come

That is, if you build a form on a website, spammers and hackers will come to your site.

No matter how small and insignificant your website is, they will try and use it to send you spam, show spam on your website, or hack into your website so they can either show spam or get personal details.

You need to protect your website from every possible form of spam or hacking. Spammers and hackers can be very smart (some SQL injection techniques I have seen are really quite amazing), so you need to be smarter.

Your database is your bottleneck

In a complex database-driven website the database is the usual cause of performance issues.

If you are dealing with a website that handles a reasonable number of users, then from the outset you need to ensure:

1. Your queries are as efficient as they can be.

2. Your database is indexed well.

3. You cache often used data that doesn't change frequently.

4. You use transactions only when necessary.

Error Notifications

I personally want to know about every 500 Internal Server Error, and I would suggest that you have every error emailed and/or logged (see "Don't rely on email" below).

It can be a bit draining on a high volume website to see every error, but you may well find some problems that you didn't pick up in testing, some controls that may need validation, and probably plenty of hacking attempts.

Although you might not want to know about every 404 Page Not Found error, it's good to know about any 404 error where the referrer was also a local page, i.e. you want to know about broken internal links.
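One way to pull those broken internal links out of an access log, as an added example that is not from the original post. It assumes the server writes Combined Log Format; the host name `www.example.com` and the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit

# Combined Log Format tail: "METHOD path PROTO" status bytes "referrer" "user-agent"
LINE_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referrer>[^"]*)" "[^"]*"'
)


def broken_internal_links(lines, site_hosts):
    """Return (referring_page, missing_path) pairs for 404s a local page linked to."""
    hosts = {h.lower() for h in site_hosts}
    found = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m.group("status") != "404":
            continue
        ref = urlsplit(m.group("referrer"))
        # hostname is None for "-" (no referrer); those 404s are mostly probes
        if ref.hostname and ref.hostname in hosts:
            found.append((ref.path or "/", m.group("path")))
    return found


# Constructed sample log lines
SAMPLE_LOG = [
    '203.0.113.5 - - [20/Jan/2015:10:00:01 +0000] "GET /products/old-widget HTTP/1.1" '
    '404 512 "https://www.example.com/products/" "Mozilla/5.0"',
    '198.51.100.7 - - [20/Jan/2015:10:00:02 +0000] "GET /wp-login.php HTTP/1.1" '
    '404 512 "-" "curl/7.35"',
    '203.0.113.9 - - [20/Jan/2015:10:00:03 +0000] "GET /about HTTP/1.1" '
    '200 2048 "https://www.example.com/" "Mozilla/5.0"',
    '192.0.2.44 - - [20/Jan/2015:10:00:04 +0000] "GET /missing HTTP/1.1" '
    '404 512 "https://other.example.net/links" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for page, target in broken_internal_links(SAMPLE_LOG, {"www.example.com"}):
        print(f"{page} links to missing {target}")
```

The Referer header is supplied by the client, so treat the result as a list of links to check rather than as proof.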

Don't rely on email

Email isn't always reliable so it's never a good idea to solely rely on email for important information. I had an ecommerce website where some server settings changed and email from the website stopped working. Before I found out, every message that was sent through the contact form never made it through and was lost forever.

You should store everything that you send by email in a database table or at least a log file of some sort.
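A sketch of that store-first pattern, added here as an example and not taken from the original post. The `outbox` table, the function names and the `transport` callable (whatever actually hands the message to your mail server) are assumptions; SQLite stands in for the site's database.

```python
import sqlite3
from datetime import datetime, timezone


def open_outbox(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.execute(
        """CREATE TABLE IF NOT EXISTS outbox (
               id INTEGER PRIMARY KEY,
               created_utc TEXT NOT NULL,
               recipient TEXT NOT NULL,
               subject TEXT NOT NULL,
               body TEXT NOT NULL,
               status TEXT NOT NULL DEFAULT 'pending',
               error TEXT)"""
    )
    return conn


def send_recorded(conn, recipient, subject, body, transport):
    """Persist the message first, then attempt delivery and record the outcome."""
    now = datetime.now(timezone.utc).isoformat()
    # Parameterized query: form input is never concatenated into the SQL text
    cur = conn.execute(
        "INSERT INTO outbox (created_utc, recipient, subject, body) VALUES (?, ?, ?, ?)",
        (now, recipient, subject, body),
    )
    conn.commit()  # the message is stored before any mail call is made
    msg_id = cur.lastrowid
    try:
        transport(recipient, subject, body)
        status, error = "sent", None
    except Exception as exc:  # a delivery failure must not lose the message
        status, error = "failed", repr(exc)
    conn.execute("UPDATE outbox SET status = ?, error = ? WHERE id = ?",
                 (status, error, msg_id))
    conn.commit()
    return msg_id, status


def undelivered(conn):
    """Messages that were stored but never confirmed as sent."""
    return conn.execute(
        "SELECT id, recipient, subject, body FROM outbox "
        "WHERE status != 'sent' ORDER BY id"
    ).fetchall()


def broken_transport(recipient, subject, body):
    # Constructed failure: stands in for a mail server whose settings changed
    raise ConnectionRefusedError("SMTP relay refused connection")
```

A periodic check on `undelivered()` would have surfaced the lost contact-form messages described above as soon as the first one failed.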

What time is it?

If you are storing dates and times in a database then you should store the universal time (UTC) rather than a local date/time. Even if it is a website that is only for a specific country, think about the consequences if you were to move to hosting in a different region where the server time zone might be different, or what happens when daylight saving ends: the time goes back an hour, and the last record in the database has a datestamp 1 hour before the previous record.

Keep a history

In many simple applications the developer will often choose just to overwrite information in the database when something changes.

For example, on an ecommerce website, if a price changes you might just update the same database row with the new price. But what if you need to know what price was being offered on a past date?

Or, in a content management system, what if someone accidentally updated the wrong page? They may have lost some valuable information if the database row has been updated.

For reasons like these, it's almost always good practice to implement some sort of history or version control system and insert a new row when data changes rather than overwrite the same row.

There are various ways of doing this. For example, you may keep multiple versions in the same table or create a separate history table.
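The separate-history-table approach applied to the price example above, as an added example that is not from the original post. Table, column and function names and the sample data are assumptions, SQLite stands in for the site's database, and timestamps are stored as UTC strings as the previous section recommends.

```python
import sqlite3


def open_catalog():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        """CREATE TABLE price_history (
               id INTEGER PRIMARY KEY,
               sku TEXT NOT NULL,
               price_cents INTEGER NOT NULL,
               valid_from_utc TEXT NOT NULL,   -- ISO 8601, always UTC
               changed_by TEXT NOT NULL)"""
    )
    conn.execute(
        "CREATE INDEX idx_price_sku_time ON price_history (sku, valid_from_utc)"
    )
    return conn


def set_price(conn, sku, price_cents, when_utc, changed_by):
    """Record a price change as a new row; existing rows are never updated."""
    conn.execute(
        "INSERT INTO price_history (sku, price_cents, valid_from_utc, changed_by) "
        "VALUES (?, ?, ?, ?)",
        (sku, price_cents, when_utc, changed_by),
    )
    conn.commit()


def price_at(conn, sku, when_utc):
    """Return the price in force at when_utc, or None if none had been set yet."""
    # Same-format ISO 8601 UTC strings sort in chronological order
    row = conn.execute(
        "SELECT price_cents FROM price_history "
        "WHERE sku = ? AND valid_from_utc <= ? "
        "ORDER BY valid_from_utc DESC, id DESC LIMIT 1",
        (sku, when_utc),
    ).fetchone()
    return row[0] if row else None


def demo():
    conn = open_catalog()
    # Constructed sample data
    set_price(conn, "WIDGET-1", 1999, "2015-01-01T00:00:00Z", "alice")
    set_price(conn, "WIDGET-1", 2499, "2015-01-15T09:30:00Z", "bob")
    return conn
```

The `changed_by` column also gives you an audit trail: who changed a value and when, which an overwrite-in-place design cannot answer.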


If you develop in ASP.NET then see also my Things you need to know when programming in ASP.NET Web Forms post.
