Top 7 things you need to know when programming for the web

John Avis by | January 20, 2015 | Web Development

Over fifteen years of developing for the web, I've learned some lessons the hard way. There are some things they don't teach you in books and tutorials.
Over fifteen years of developing for the web, I've learned some lessons the hard way. There are some things they don't teach you in books and tutorials.

If you build it they will come

That is, if you build a form on a website, spammers and hackers will come to your site.

No matter how small and insignificant your website is, they will try and use it to send you spam, show spam on your website, or hack into your website so they can either show spam or get personal details.

You need to protected your website from every possible form of spam or hacking. Spammers and hackers can be very smart (some SQL injection techniques I have seen are really quite amazing), so you need to be smarter.

Your database is your bottleneck

In a complex database-driven website the database is the usual cause of performance issues.

If you are dealing with a website that handles a reasonable amount of users, then from the outset you need to ensure:

1. Your queries are as efficient as they can be.

2. Your database is indexed well.

3. You cache often used data that doesn't change frequently.

4. You use transactions only when necessary.

Error Notifications

I personally want to know about every 500 Internal Server Error, and I would suggest that you have every error emailed and/or logged (see don't rely on email below).

It can be a bit draining on a high volume website to see every error, but you may well find some problems that you didn't pick up in testing, some controls that may need validation, and probably plenty of hacking attempts.

Although you might not want to know about every 404 Page Not Found error, it's good to know about any 404 error where there referrer was also a local page. ie. you want to know about broken internal links.

Don't rely on email

Email isn't always reliable so it's never a good idea to solely rely on email for important information. I had an ecommerce website where some server settings changed and email from the website stopped working. Before I found out, every message that was sent through the contact form never made it through and was lost forever.

You should store everything that you send by email in a database table or at least a log file of some sort.

What time is it?

If you are storing dates and times in a database then you should store the universal time (UTC) rather than a local date/time. Even if it is a web site that is only for a specific country, think about the consequences if you were to move to hosting in a different region where the server time zone might be different, or what happens when daylight savings ends as the time goes back an hour and the last record in the database has a datestamp 1 hour before the previous record.

Keep a history

In many simple applications the developer will often choose just to overwrite information in the database when something changes.

For example, on an ecommerce website, if a price changes you might just update the same database row with the new price. But what if you need to know what price was being offered on a past date?

Or, in a content management system, what if someone accidentally updated the wrong page? They may have lost some valuable information if the database row has been updated.

For reasons like these, it's almost always good practice to implement some sort of history or version control system and insert a new row when data changes rather than overwrite the same row.

There are various ways of doing this. For example, you may keep multiple versions in the same table or create a separate history table.

Validate all user input

It is essential to protect the user against submitting information that your application won't accept.

Examples include text that is too long to fit in your database, negative numbers when only a positive number is acceptable, date and time, and uploading of files.

If you don't validate all input then the user may receive a server error and have no idea what they did wrong.



If you develop in ASP.NET then see also my Things you need to know when programming in ASP.NET Web Forms post.

Related Posts

Web Development

A jQuery plugin for a fixed table of contents

by John Avis | October 12, 2018

Some long web pages have a handy feature where a table of contents are shown beside the content which remains fixed.


Web Development

How to add AJAX suggestions to yairEO's Tagify tag input component

by John Avis | May 25, 2018

yairEO's Tagify is a great implementation of a tag component, being very lightweight and using in-built browser behaviour where possible. Here's how I get get suggestions via AJAX rather than a fixed whitelist.


Web Development

10 things a web developer should be careful of

by John Avis | April 23, 2018

Here's ten things every web developer should be aware of and avoid.

Comments

There are no comments yet. Be the first to leave a comment!

Leave a Comment
Tags
ASP.NET Html Forms ASP.NET MVC ASP.NET Web Forms ASP.NET Web Pages Bootstrap C# Classic ASP Cool Websites Databases eBay and PayPal Electrical Repairs General Hardware HTML/CSS Jquery/Javascript Media Center Mobile Phones Responsive Web Design SEO and Social Networking Web Design Web Development Web Security web+db Website Hosting Windows XP Youtube

About me

...mostly about web development and programming, with a little bit of anything else related to the Internet, computers and technology.

Subscribe

Get the latest posts delivered to your inbox.