With the past two years, there’s been an incredible development in my experience and knowledge as a software developer. Still, it’s important to look back at ones mistakes and learn from them. I still have the complete source code and database of my very first large scale program. The year was 2007 (I think) when I first discovered the Dragon Knight open source MMORPG project. In no time at all I had the system up and running in localhost and the next summer (or two) went into learning web technologies, programming and CS in general. Now, as part of a software testing course assignment, I had the incentive to look back and write down some notes.
- Don't use PHP closing tags in php-only files
- If you have a single entry point (framework index.php), do a check in the first line of every file that the entry point is used. Kohana does that with a constant defined check that dies on failure.
- DRY: put config into one place
- Use InnoDB relational tables
- Don't mix Models, Views, Controllers in a single file - use arhitecture. It's also DRY!
- I18n mostly everything. You don't have to actually translate it, just make it translatable in the future. In Kohana: use the __() function. For javascript, find a library.
- Keep font sizes and color contrasts readable
- Always let the user visually distinguish where (s)he is in terms of navigation. Breadcrumbs are a good idea. Back links should be present in multi-staged navigation. Logo should link to the index page. The user shouldn't feel lost.
- Main navigation should be visible on all pages (there are justified exceptions)
- Be consistent: an UI element that act the same should always look so, too. Don't make one link blue, the other green, if they behave the same. DO make a link red if it's dangerous, but not simply for fun.
- Avoid opening multiple popup windows, use modal dialogs, tooltips, javascript plugins to present the information. When you do open a popup, make sure it's sized so that the user doesn't have to resize it to see the whole content.
- Don't hardcode system messages via a query string (...&messageID=1) (nor ?message=Please+Try+Again)
- Test against security vulnerabilities! Malicious input (injection, XSS) in particular.