Many people like to ask, "What do I need to know?" Each developer may have a different answer, and normally you would have to read every reply from start to end. Stack Overflow, however, has a very considerate design: a wiki area can be opened under a question so that everyone can edit the best answer together. As a result, the following article summarizes a total of 61 "website development instructions" in six areas.
Such a comprehensive summary of website development is rare and therefore useful. Let's see how many of the 61 items you have already done.
I. Interface and user experience
1. Know how web standards are implemented in the various browsers, so that your site runs normally in the main ones. You must test at least the following engines: Gecko (for Firefox), WebKit (for Safari, Chrome, and some mobile browsers), IE (you can use Microsoft's application compatibility VPC images for testing), and Opera. Different operating systems may also affect how browsers render your website.
2. In addition to browsers, websites also have other usage methods: mobile phones, screen readers, and search engines. You should know the running status of your website under these circumstances. Mobiforge provides some knowledge about mobile website development.
3. Know how to upgrade your website without interrupting its use. Generally, you must have a version control system (CVS, Subversion, Git, and so on) and a data backup mechanism.
4. Do not let users see unfriendly error prompts.
5. Do not directly display the user's email address, at least not in plain text.
6. Set reasonable limits for your website. Once a threshold value is exceeded, the service will stop automatically. (This is also related to website security.)
7. Know how to implement progressive enhancement of web pages.
8. After a POST request is processed, always redirect the user to another webpage.
9. Do not forget the accessibility of the website (that is, how people with disabilities use it). For US websites, this is sometimes a legal requirement. WAI-ARIA has some good references in this regard.
II. Security
1. Read the OWASP Development Guide, which provides comprehensive website security guidance.
2. Understand SQL injection and its prevention methods.
3. Never trust the data submitted by the user (cookies are also submitted by the client!).
4. Do not store users' passwords in plain text. You need to hash the passwords before storing them.
5. Do not be too confident about your user authentication system. It may be easily cracked, and you are not aware of the vulnerability.
6. Learn how to handle credit cards.
7. Use SSL/HTTPS on the logon page and other pages that process sensitive information.
8. Know how to deal with session hijacking.
9. Avoid cross-site scripting (XSS).
10. Avoid cross-site request forgery (XSRF).
11. Keep your system patched and up to date with the latest version.
12. Confirm the security of your database connection information.
13. Track the latest development of attack technology and the latest security vulnerabilities on your platform.
14. Read Google's browser security manual.
15. Read the hacker manual for network software.
III. Performance
1. Use caching whenever possible. Understand and correctly use HTTP caching and HTML5 offline storage.
2. Optimize images. Do not use a 20 KB image file as a repeating webpage background pattern.
3. Learn how to use gzip/deflate to compress content (deflate is preferred).
4. Combine multiple style sheet files or script files into one file, which reduces the number of HTTP requests made by the browser and the total size of the files after gzip compression.
5. Browse Yahoo's Exceptional Performance website. It has a lot of excellent suggestions for improving front-end performance, as well as the YSlow tool. Google's Page Speed is another tool used to analyze web page performance. Both require Firebug to be installed.
6. If your webpage uses a large number of small images (such as in a toolbar), you should use CSS image sprites to reduce the number of HTTP requests.
7. For a high-traffic website, you should consider spreading webpage objects across multiple domain names (splitting components across domains).
8. Static content (such as images, CSS, JavaScript, and other webpage content unrelated to cookies) should be placed on an independent domain name that does not need to use cookies. If there is a cookie under the domain name, the client will attach the cookie content to each HTTP request sent to that domain name. A good method here is to use a content delivery network (CDN).
9. Minimize the number of HTTP requests required by the browser to complete web page rendering.
10. Use Google's Closure Compiler to compress JavaScript files. YUI Compressor can also be used.
11. Make sure that the favicon.ico file is in the root directory of the website, because even if the file is not referenced in the webpage, the browser automatically sends a request for it. If this file does not exist, a large number of 404 errors will occur, consuming the bandwidth of your server.
IV. Search Engine Optimization
1. Use a "search engine friendly" URL format, such as example.com/pages/45-article-title, not example.com/index.php?page=45.
2. Do not use hyperlink text like "Click here", because it wastes an SEO opportunity and makes the link less useful to screen readers.
3. Create an XML sitemap file. The default location is /sitemap.xml (in the root directory of the website).
4. When multiple URLs point to the same content
.
5. Use Google's Webmaster Tools and Yahoo's Site Explorer.
6. Use Google Analytics (or the open-source analytics tool Piwik) from the very beginning.
7. Know what robots.txt does and how search engine spiders work.
8. Direct access requests for www.example.com to example.com (with a 301 Moved Permanently redirect), or do the opposite, to prevent Google from treating them as two websites and calculating their rankings separately.
9. Know that there are malicious or badly behaved web spiders.
10. If your website has non-text content (such as video and audio), you should refer to Google's sitemap extension protocol.
V. Technology
1. Understand the HTTP protocol and concepts such as GET, POST, sessions, and cookies, including what stateless means.
2. Make sure that your XHTML/HTML and CSS comply with W3C standards so that they pass validation. This keeps your web page from triggering the browser's quirks mode and makes it work properly on screen readers and mobile phones.
3. Understand how the browser handles JavaScript scripts.
4. Understand how JavaScript files, style sheet files, and other resources on the Web page are loaded and run, and how they affect page performance. In some cases, the script file may be placed at the end of the web page.
5. Understand how the JavaScript sandbox works, especially if you plan to use iframes.
6. Know that JavaScript may be unavailable or disabled, and that Ajax may not always run. Remember that blocking scripts (NoScript) is becoming popular with some users, mobile browsers differ in their support for scripts, and Google does not run most script files when indexing webpages.
7. Understand the differences between 301 redirection and 302 redirection (this is also an SEO issue).
8. Learn as much as possible about your deployment platform.
9. Consider using a reset style sheet.
10. Consider using JavaScript frameworks (such as jQuery, MooTools, and Prototype) so that you don't have to consider the differences between browsers.
VI. Bug fixing
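An added example (not from the original list) tying item 1 here to security item 3: because HTTP is stateless, session state comes back from the client in a cookie, so the server signs it with HMAC and rejects anything whose tag does not verify. The cookie layout, key and function names are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET_KEY = b"constructed-demo-key"  # placeholder; load a real key from config

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def issue_cookie(user, ttl=3600, now=None, key=SECRET_KEY):
    # Server side: serialize the session and append an HMAC-SHA256 tag.
    now = time.time() if now is None else now
    payload = json.dumps({"user": user, "exp": int(now) + ttl}).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return b64(payload) + "." + b64(tag)

def read_cookie(cookie, now=None, key=SECRET_KEY):
    # Return the session only if the tag verifies and it has not expired.
    now = time.time() if now is None else now
    try:
        payload_b64, tag_b64 = cookie.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong number of parts or malformed base64
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # payload was edited or the tag was not made with our key
    session = json.loads(payload)
    return session if session["exp"] >= now else None

if __name__ == "__main__":
    cookie = issue_cookie("alice")
    print(read_cookie(cookie))  # the session issued by the server
    # Constructed tampering: a payload for another user with alice's tag.
    edited = issue_cookie("admin", key=b"not-the-server-key").split(".")[0]
    print(read_cookie(edited + "." + cookie.split(".")[1]))
```

The check happens before the payload is parsed, so unauthenticated bytes never reach `json.loads`.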
1. Understand that 20% of the programmer's time is used for coding, and 80% of the time is used for maintenance. Schedule the time according to this point.
2. Establish an effective error reporting mechanism.
3. Establish some channels or systems to allow users to contact you and provide suggestions and criticism to you.
4. Write documents for future maintenance and customer service personnel to explain how the system runs.
5. Back up regularly! (And make sure these backups are valid.) In addition to the backup mechanism, you must also have a recovery mechanism.
6. Use a version control system to store your files, such as subversion or git.
7. Do not forget to perform unit testing. Frameworks such as Selenium will be useful to you.