Best Practices

Since I’ve hit the one-year anniversary of being a full-time freelancer, it seems like a fitting time to look back on this blog. Enjoy some of my favorite best practices posts:

Pricing Your Web Design Service
I wrote in this post that I prefer to give clients a fixed price per project, and that’s still true today. I did talk to a lawyer recently who preferred that I charge an hourly rate. That’s the world a lawyer lives in, so that isn’t too surprising. I’ve also worked a few times with a client who prefers me to give 3 different prices for best case, worst case, and expected case. I do that in my quotes, but so far the actual invoice has always been for the expected case.

Read the rest of this entry »

One of the most obvious vulnerabilities of web sites that interact with a database is the SQL injection attack. What’s that you ask? Suppose your site allows visitors to enter information that is used to generate a database query. A common example would be for the user to enter a password. A hacker will attempt to enter unexpected values that will cause unexpected SQL statements to be executed.

Read the rest of this entry »

In part 1 of this series I talked about turning your data audit trail into an interface feature. The primary purpose of an audit trail, though, is to allow you to see a clear picture of every change that has occurred with your data. While the history table solution that I offer is extremely easy to implement, it has the drawback of being contained inside your database. That means your data history is only as secure as your database.

Read the rest of this entry »

During the development of a project, you’ll repeatedly be faced with situations where there are multiple solutions to a problem. One choice is to create a robust answer that is reliable and will adapt well to the changing needs of the customer for the foreseeable future. Another option is a design that addresses the current needs of the system, but may not address variations that could appear down the road. This second option is frequently quicker to implement.

Read the rest of this entry »

You want to believe the best about our users, and for most of them it is appropriate to do so. Unfortunately, there’s always the danger of people coming to the sites you create with the intent to stir up trouble. While it’s less of a problem, you also have to be concerned about innocent users submitting forms with inadvertently dangerous inputs. One (of many!) ways they can attempt to cause mischief is to enter unexpected things into web forms. In this piece, I’m going to specifically address user inputs that attack dynamic web pages, but know databases, mail services, and almost anything that exists on or interacts with your web server is a potential target.

Read the rest of this entry »