18 critical errors in Web development and 18 critical errors in web Development
In the past few years, I have the opportunity to participate in some interesting projects and develop, upgrade, restructure, and develop new functions independently.
This article summarizes some key errors that PHP programmers often ignore in Web development, especially when dealing with medium and large projects. Typical errors are manifested in the inability to distinguish between various development environments and the absence of cache and backup.
The following uses PHP as an example, but its core idea is applicable to every Web programmer.
Application-Level Error 1. error reports are disabled during development
The only question I want to ask is: Why? Why should I disable error reports during development?
PHP has many levels of error reports, which must be enabled in the development phase.
If you think errors will not happen, You will idealize the program. In the real world, errors are inevitable. Error_reporting and display_error are two completely different methods. error_reporting () sets the error level, while display_errors sets whether the error information is output.
In the development phase, the error report level should be set to the highest, such as the following settings: error_reporting (E_ALL); and ini_set ('display _ errors ', true );
2. Flood errors
On the contrary, many programmers like to drown out errors. You know that errors will happen, but you choose to hide them, and then you can go home early to sleep, we do not know that more serious errors will occur in the future.
3. No logs are used anywhere in the code.
At the beginning of software development, you must keep in mind the use of logs. The log function cannot be compensated until the end of the project. Many programmers use one way or another to record logs, but few can actually use logs to record exception information. What is the purpose of a log system that nobody can view?
4. No cache is used
In the application system, we can use the cache at multiple system levels, such as on the server, application, and database. Like logs, the cache should also be applied to the system at the beginning. You can disable the cache at the development stage and enable the cache after the product is released.
5. The best practices and design patterns are discarded.
How many people have you seen using their own cryptographic algorithms? Sorry to tell you, there are many because they think they will better understand it.
The Best Practices and design patterns have already been created by the predecessors, which is often easier to use than recreating a wheel on your own, we developers only need to be familiar with these design patterns and apply them properly in projects, such as some encryption algorithms.
6. Automated testing is not used.
Tests are used in every Web project, Just Like logs. If no one manages and uses them, the tests are useless.
Running the test project is a tedious task. Fortunately, there are a series of tools that help us automate the test. In PHP development, there is a good test tool called Jenkins, which is very convenient to use.
7. No code review
Working in a team is a very big challenge, because every member has their own different work habits and methods. If there is no good specification, project development will take a lot of detours.
Every member of the team should review code to each other, just like unit testing, which can help the project become more clean and consistent.
8. programming only considers the ideal situation
Have you ever encountered problems or even messy la s when your own or others' code is handed over to customers? Of course I don't.
This is often because developers are lazy and only consider the ideal situation. This will lead to database crashes, fatal PHP errors, or even server hacking. When writing code, programmers should not only consider the most ideal situation, but also the worst case and comprehensive thinking so that the code can overwrite all the situations.
9. The idea of object-oriented programming is not properly applied.
Most PHP beginners do not use object-oriented ideas in their code, because this concept is hard to understand at the beginning.
Of course, the concept of object-oriented is not simply to organize some classes together.
Objects, attributes, methods, inheritance, and encapsulation are the most basic concepts in OOP. After developers correctly use the object-oriented design model, they can write cleaner and more scalable code.
10. On-the-fly Programming
Most developers will encounter this situation: "fast, customers need a new function to run ASAP", so you add some new features on the source code, then directly upload the program to the running server. This programming method is called On-the-fly programming.
When developing software, especially medium and large projects, we must analyze, program, and release the software according to the workflow, which will greatly reduce future software bugs. This "flight mode" is not desirable.
Database-Level Error 11. Database read/write splitting not performed
In order to run a complex system for a long time, Every programmer should consider the scalability of the system, because the system does not need to consider expansion for 99% of the time, because there is no such large traffic.
Why database read/write splitting?
In every system, the database will be the first bottleneck. Under the impact of large traffic, the database will probably be the first to be killed. In most cases, we use multiple databases to distribute traffic. Developers often use Master-Slave mode or Master-Master mode. Master-Slave is the most popular database partial pressure mode. It routes the specified select statement to each Slave server, which reduces the pressure on the Master server.
12. The code can only be connected to one database
This is very similar to the previous error, but developers sometimes need to connect to multiple databases for some reason, for example, you will put user logs, activity information flows, real-time data analysis, and other high-load data into different databases to relieve the pressure on the primary database.
13. No database vulnerabilities Detected
If you do not detect database vulnerabilities, the server door is opened to most hackers.
Among the many vulnerabilities, database vulnerabilities are the most vulnerable, and the most common is SQL injection. Therefore, regular database Vulnerability Detection is necessary.
14. Data Tables are not indexed
Indexes play an important role in data tables. An appropriate index can improve the performance of each table. Here is an article about how to create an index and when to create an index.
15. No transaction mechanism is used
Data integrity is very important to the Web system. If data consistency errors occur, the entire system will crash and be difficult to repair. The rational use of the database transaction mechanism will effectively solve this problem. For example, if you want to save user data, table1 contains e-mail, username and password, table2 contains first name, last name, and gender age. We can use transactions to update two tables to ensure that the data is updated or not updated at the same time.
16. No sensitive data is encrypted
If you do not encrypt sensitive information in the database or use simple algorithms to encrypt it, you will certainly encounter some troubles in 2014, once hackers intrude into your database, your passwords or other important information will be displayed at a glance.
PHP5.5 provides a hash encryption method, using the following:
$hash = password_hash( $password, PASSWORD_BCRYPT );
17. No backup
I can't see the image below. If this happens and you haven't backed up, everything will be over.
18. No monitoring
Without monitoring, you will not know what will happen next. for monitoring, pay attention to the following issues:
- How many people can access this application service directly?
- Is the server running under high load?
- Do we need to use another database server to expand the system?
- Where are application system failures?
- Is the system currently offline?