- [general] Focus your attention on the most critical parts of the system throughout the testing stage. The most critical parts are those whose failure would cost the client money (for example feedback forms or the newsletter sign-up).
- Keep a close eye on the code that handles AJAX requests: validate and filter the input, perform the permission checks, and so on. An AJAX endpoint is called with the same session cookie as a normal page, so it needs exactly the authorization checks the rest of the application has; it is not protected by being "hidden" behind a script.
- JavaScript: declare every variable with the var keyword (inside a function this makes it local); an assignment to an undeclared name creates an implicit global that any other script on the page can read and overwrite.
- Use CSS rather than presentation attributes inside the HTML tags as often as possible: the result is more consistent across browsers.
- CSS: don't confuse the visibility and display properties: visibility: hidden keeps the element's box in the layout, display: none removes it.
- PHP: when performing operations on the filesystem (copy, unlink, ...) or calling external programs (through the system function), always check the return values and inform the user about failures. For external programs, also pass every argument through escapeshellarg(), otherwise a file name is enough to inject a second command.
- HTML: if a "submit" button only triggers an AJAX request or some other JavaScript action (and is not meant to really submit the form), use button rather than submit as its type, for cross-browser compatibility.
- Check that inputs containing single or double quotes don't break the system:
- if a PHP variable is put into a JavaScript string, escape the characters that delimit the string. Escaping the quotes alone is not enough: a backslash before the closing quote, or the sequence </script>, still breaks out, so in practice emit the value with json_encode() and its JSON_HEX_* flags.
- if a PHP variable is put into the value attribute of an input tag, replace the delimiter characters with the corresponding HTML entities (htmlspecialchars() with ENT_QUOTES, so that both ' and " are covered).
- Check that foreign characters (for example, accented vowels) don't break the system.
- Check the charset for Apache (AddDefaultCharset in the VirtualHost section) and for MySQL. Both should be UTF-8; for MySQL prefer utf8mb4, since MySQL's utf8 stores at most three bytes per character. MySQL's default before version 8.0 is latin1:
alter table mytable charset=utf8;
Be careful! The command above only changes the table's default charset, so the existing columns will probably still have the old one. Either dump the database and amend the dump, or use ALTER TABLE ... CONVERT TO CHARACTER SET, which converts every existing column together with its data.
- Check that you use mysql_real_escape_string for strings and a cast to integer for integers for any data in the query that could be malicious (or alternatively the purge function you have in your personal toolbox). mysql_real_escape_string needs an open connection whose charset matches the encoding the data is sent in, otherwise the escaping can be bypassed with multibyte sequences; the mysql_* extension was removed in PHP 7, so with mysqli or PDO use prepared statements instead.
- Move the rules in .htaccess to the Apache configuration file (VirtualHost section) and set AllowOverride None: Apache then stops looking for .htaccess in every directory on each request, and the rules can no longer be overridden by a file someone manages to write into the document root.
- If you need to include some JS that requests external resources (living on other sites), include it at the bottom of the page and not at the top; otherwise your page might not be displayed at all if the other site is slow or down.
- Make sure all the vital functionality (such as signing up) can also be performed with JavaScript disabled, or, at least, tell the user that JavaScript is required.
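The two escaping cases from the "quotes" item above, as an added example (not code from the original post): one function for the JavaScript-string context and one for the HTML-attribute context, run over a constructed hostile input. The function names and the sample value are made up; the page is assumed to be served as UTF-8.

```php
<?php
// Added example, not code from the original post: emitting a PHP value into
// a JavaScript string and into an HTML attribute. Function names and the
// sample input are made up for the demonstration.
declare(strict_types=1);

// JavaScript context. Escaping only the string delimiter is not enough: a
// backslash before the closing quote, or the sequence </script>, still
// breaks out of the literal or of the <script> block. json_encode() produces
// a valid JS literal; the JSON_HEX_* flags turn < > & ' " into \uXXXX so the
// output is also safe inside a <script> block and inside an attribute.
// Non-ASCII characters come out as \uXXXX too, so the result does not
// depend on the page charset being right.
function jsLiteral($value): string
{
    $json = json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
    if ($json === false) {
        // typically invalid UTF-8 coming from a latin1 database
        throw new RuntimeException('cannot encode value: ' . json_last_error_msg());
    }
    return $json;
}

// HTML attribute context. ENT_QUOTES converts both ' and ", so the value is
// safe whichever delimiter the attribute uses; ENT_SUBSTITUTE replaces
// invalid UTF-8 instead of returning an empty string.
function htmlAttr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed hostile input (not real data): quotes of both kinds, a
// backslash, a closing script tag and an accented character.
$name = 'O\'Neil "Ñ" \\ </script><script>alert(1)</script>';

// The pattern the checklist warns about: only the delimiter is escaped.
// The backslash and the </script> survive, so this is still exploitable.
$naive = "'" . str_replace("'", "\\'", $name) . "'";

echo '<input type="text" name="name" value="' . htmlAttr($name) . '">', "\n";
echo "<script>\n";
echo '  var name = ' . jsLiteral($name) . ";\n";
echo "</script>\n";
// Shown HTML-escaped so the broken literal can be inspected without running it.
echo '<pre>naive: ' . htmlAttr($naive) . "</pre>\n";
```

Run it from the command line and look at the two outputs: the json_encode() version contains no raw quote, backslash or angle bracket at all, while the naive version still ends its string early and still contains a literal </script>.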
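The MySQL charset check and the "escape strings, cast integers" rule, as one added example (not code from the original post) using PDO prepared statements, which is what replaces mysql_real_escape_string on current PHP. The schema name shop, the table users and the column login are hypothetical, and the script needs a reachable MySQL server.

```php
<?php
// Added example, not code from the original post: checking the MySQL charset
// and querying with untrusted data via PDO prepared statements. The schema,
// table and column names (shop, users, login) are hypothetical.
declare(strict_types=1);

// Connect with an explicit charset. Escaping is only safe when the client
// library knows which encoding the server expects.
function connect(string $host, string $db, string $user, string $pass): PDO
{
    return new PDO("mysql:host=$host;dbname=$db;charset=utf8mb4", $user, $pass, [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
    ]);
}

// "ALTER TABLE t CHARSET=utf8" only changes the table default; existing
// columns keep their old charset. This lists the ones left behind.
function columnsNotUtf8(PDO $pdo, string $schema): array
{
    $sql = <<<'SQL'
SELECT TABLE_NAME, COLUMN_NAME, CHARACTER_SET_NAME
  FROM information_schema.COLUMNS
 WHERE TABLE_SCHEMA = :schema
   AND CHARACTER_SET_NAME IS NOT NULL
   AND CHARACTER_SET_NAME NOT IN ('utf8', 'utf8mb3', 'utf8mb4')
SQL;
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':schema' => $schema]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Converts the table default and every existing column, rewriting the stored
// data. Identifiers cannot be bound as parameters, so the name is checked
// against a whitelist pattern and backtick-quoted instead.
function convertStatement(string $table): string
{
    if (!preg_match('/^[A-Za-z0-9_]+$/', $table)) {
        throw new InvalidArgumentException('unexpected table name');
    }
    return "ALTER TABLE `$table` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci";
}

// Untrusted request data: strings are bound as parameters, integers are cast.
// The value never becomes part of the SQL text, so quoting cannot go wrong.
function findUsers(PDO $pdo, string $login, $page): array
{
    $perPage = 20;
    $offset  = max(0, (int) $page) * $perPage;   // cast, never quote
    $stmt = $pdo->prepare(
        'SELECT id, login FROM users WHERE login = :login LIMIT :off, :n'
    );
    $stmt->bindValue(':login', $login, PDO::PARAM_STR);
    $stmt->bindValue(':off', $offset, PDO::PARAM_INT);
    $stmt->bindValue(':n', $perPage, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage with constructed hostile input (credentials are placeholders):
// $pdo = connect('localhost', 'shop', 'app', 'secret');
// foreach (columnsNotUtf8($pdo, 'shop') as $c) {
//     echo convertStatement($c['TABLE_NAME']), ";\n";
// }
// var_dump(findUsers($pdo, "admin' OR '1'='1", "1; DROP TABLE users"));
```

The two hostile arguments in the usage line illustrate the two halves of the rule: the string is sent as a parameter and matches nothing, and the page number is cast to 1 before it gets anywhere near the query.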
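The "check the return values" item for filesystem operations and external programs, as an added example (not code from the original post). Paths, the destination directory and the external tool (gzip) are hypothetical; the point is the pattern of checking each call and giving the user a message that does not leak server paths.

```php
<?php
// Added example, not code from the original post: return-value checks for
// copy()/unlink() and for an external program. Paths and the tool (gzip)
// are hypothetical.
declare(strict_types=1);

// copy() and unlink() return false on failure and only emit a warning, which
// a production php.ini usually hides; without the check the user is told
// "done" for a file that was never written.
function storeFile(string $src, string $dstDir): string
{
    $dst = $dstDir . '/' . basename($src);
    if (!copy($src, $dst)) {
        $err = error_get_last();
        error_log('copy failed: ' . ($err['message'] ?? 'unknown error'));
        // details go to the log, the user gets a message without paths
        throw new RuntimeException('The file could not be stored, please try again.');
    }
    if (!unlink($src)) {
        // the copy succeeded, so log it but do not fail the request
        error_log("unlink failed for $src");
    }
    return $dst;
}

// External program: the argument goes through escapeshellarg() so that a
// file name such as "x; rm -rf /" stays one literal argument, "--" stops
// gzip from reading a name starting with "-" as an option, and the exit
// status is checked instead of assumed.
function compressFile(string $path): void
{
    $cmd = 'gzip -9 -- ' . escapeshellarg($path) . ' 2>&1';
    exec($cmd, $output, $status);
    if ($status !== 0) {
        error_log("gzip exited $status: " . implode("\n", $output));
        throw new RuntimeException('Compression failed.');
    }
}

// Usage (hypothetical paths):
// try {
//     $stored = storeFile('/tmp/upload.csv', '/var/data/uploads');
//     compressFile($stored);
//     echo 'Stored.';
// } catch (RuntimeException $e) {
//     echo 'Error: ', htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
// }
```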