18 Critical Errors in web development

Source: Internet
Author: User

A few years ago, I had the opportunity to participate in some interesting projects and to independently complete development, upgrades, refactoring, and the development of new features.

This article summarizes some of the key errors that PHP programmers often overlook in web development, especially on large-scale projects. Typical errors show up in failing to distinguish between development environments, and in how caches and backups are used.

The examples below use PHP, but the core ideas apply to every web programmer.

Application-level errors

1. Error reporting turned off during development

The only thing I want to ask is: why? Why would you turn off error reporting while you are developing?

PHP has many levels of error reporting, and we should turn them all on during development.

If you think errors will not happen, your view of the program is too idealistic; in the real world, errors are inevitable. error_reporting and display_errors are two completely different things: error_reporting() sets the error level, while display_errors controls whether error messages are output.

During development, error reporting should be set to the highest level, for example: error_reporting(E_ALL); and ini_set('display_errors', true);

2. Suppressing errors

In contrast to the above, many programmers like to suppress errors. You know errors will occur, but you choose to hide them so that you can go home early and sleep; later on, more serious errors will follow.
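
The settings from items 1 and 2, extended as an added example (not code from the original article) to separate development from production: every level is reported everywhere, but messages are shown on screen only in development, are always logged, and are turned into exceptions so they cannot be ignored quietly. The APP_ENV variable, the configureErrors() helper and the log path are assumptions.

```php
<?php
// Added example: environment-aware error handling. APP_ENV, configureErrors()
// and the log path are assumptions made for this sketch.

function configureErrors(string $env, string $logFile): void
{
    // Report every level in every environment; only the destination differs.
    error_reporting(E_ALL);

    // Show errors on screen in development only. In production they would
    // leak paths, queries and stack traces to visitors.
    ini_set('display_errors', $env === 'development' ? '1' : '0');

    // Always write errors to a log so they are never silently lost.
    ini_set('log_errors', '1');
    ini_set('error_log', $logFile);

    // Turn warnings and notices into exceptions so that calling code must
    // handle them instead of carrying on with bad data.
    set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
        if (!(error_reporting() & $severity)) {
            return false; // level not enabled: fall back to PHP's default handling
        }
        throw new ErrorException($message, 0, $severity, $file, $line);
    });
}

$env = getenv('APP_ENV') ?: 'production'; // default to the safe setting
configureErrors($env, sys_get_temp_dir() . '/app-errors.log');

try {
    // Constructed failure: reading a file that does not exist raises a warning.
    $config = file_get_contents('/nonexistent/settings.ini');
} catch (ErrorException $e) {
    error_log('config load failed: ' . $e->getMessage());
    $config = ''; // explicit, visible fallback
}
```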

3. No logging anywhere in the code

From the very start of software development you should remember to use logs, rather than bolting on logging at the end of the project. Many programmers record logs one way or another, but very few actually log exception information. And what use is a log system that nobody looks at?

4. No cache is used

In an application we can use caching at several levels, such as the server side, the application side and the database side. As with logs, caching should be built into the system from the outset; you can disable it during development and turn it on when the product is released.

5. Discard best practices and design patterns

How many people have you seen using their own home-made encryption algorithms? I'm sorry to tell you that there are a lot of them, because they think they know better.

Best practices and design patterns were created by our predecessors, and using them is usually simpler than reinventing the wheel. Developers only need to master them and apply them wisely; cryptographic algorithms are one example.

6. No automated tests are used

Testing, like logging, belongs in every web project, and if no one manages and uses the tests, they are useless.

Running a project's tests is tedious, but fortunately there are a number of tools that help us automate testing. In PHP development, there is a very good testing tool called Jenkins, which is very convenient to use.

7. No code review

Working in a team is a big challenge, because each member has their own working habits and methods, and without good standards the project will take many detours.

Team members should review each other's code; like unit tests, this helps the project become cleaner and more consistent.

8. Programming only for the ideal case

Have you ever seen code, your own or someone else's, that often goes wrong once it is handed over to the customer? Of course I haven't.

This often happens because the developer is lazy and considers only the ideal case, which leads to database crashes, PHP fatal errors, or even the server being hacked. When writing code, programmers must consider not only the ideal case but also the worst case, and think comprehensively so that the code covers every situation.

9. The idea of object-oriented programming is not applied correctly

Most PHP beginners do not use object-oriented thinking in their code, because the concept is difficult to understand at first.

Of course, the concept of object-oriented is not simply to organize some classes together.

Objects, properties, methods, inheritance, and encapsulation are the most basic concepts in OOP, and developers can write cleaner, more extensible code when they apply object-oriented design patterns correctly.

10. "Flight mode" (on-the-fly) programming

Most developers have been in this situation: "Quick, the customer needs a new feature running ASAP", so you add the feature to the source code and upload it straight to the live server. We call this "flight mode" (on-the-fly) programming.

When developing software, especially medium and large projects, we must analyze, program, and release according to our workflow, which greatly reduces future bugs. "Flight mode" is not advisable.

Database-level errors

11. No database read/write separation

To keep a complex system running over the long term, every programmer should think about its scalability, even though 99% of the time the system does not need to scale because it never sees that much traffic.

Why separate database reads and writes?

In every system the database is the first bottleneck, and under heavy traffic it is likely to be the first component to go down. So in most cases we use multiple databases to spread the traffic, and developers often use master–slave or master–master mode. Master–slave is the most popular way of relieving database load: it routes the specified SELECT statements to the slave servers, so that the pressure on the master server is reduced considerably.

12. The code can only connect to one database

This is very similar to the previous error, but developers sometimes need to connect to multiple databases for other reasons. For example, you can put high-load data such as user logs, activity streams, and real-time analytics into separate databases to relieve the pressure on the primary database.

13. No database vulnerability checks

If you do not check the database for vulnerabilities, you are in effect opening the door of the server to hackers.

Of all the kinds of vulnerability, database vulnerabilities are the most easily attacked, and the most common is SQL injection. Regular database vulnerability checks are therefore necessary.

14. Tables have no indexes

Indexes play a very important role in tables, and an appropriate index can improve the performance of each table. Here is an article that explains how to create indexes and when to create them.

15. No transaction mechanism is used

Data integrity is important for web systems: if data becomes inconsistent, the entire system crashes and is difficult to repair. Sensible use of database transactions solves this problem effectively. For example, suppose you want to save user data where table1 holds the email, username and password, and table2 holds the first name, last name, gender and age. We can use a transaction to update the two tables so that the data is either updated in both or in neither.

16. Sensitive data is not encrypted

If you do not encrypt sensitive information in the database, or encrypt it only with simple algorithms, then in 2014 you will certainly run into trouble: once hackers break into your database, users' passwords and other important information will be fully exposed.

A password hashing function is provided since PHP 5.5; use it as follows:

$hash = password_hash($password, PASSWORD_BCRYPT);

17. No backup

Have you seen the picture below? If you encounter such a situation and have no backup, then everything is over.

18. No monitoring

Without monitoring, you will not know what is going to happen next. When monitoring, pay attention to the following questions:

    • How many people have direct access to this app service?
    • Does the server run under high load?
    • Do we need to extend the system with another database server?
    • Where is the failure point of the application system?
    • Is the system currently offline?
