Most tutorials and linters force you to shove const everywhere you look. But a
constant that's only a constant by accident isn't a constant – it's cognitive
overhead. I explain why “prefer-const” is an anti-pattern and why a simple let is
all you need.

Empty string or NULL? This seemingly trivial question can break queries, JOINs,
and the nerves of entire teams. I'll show you how to use CHECK constraints in
MySQL 8.0.16+ to enforce one approach and put an end to the inconsistency once
and for all.

Directly renaming values in a MySQL ENUM is a recipe for disaster – data will
vanish faster than you can say “backup.” The proper approach has three steps:
extend the ENUM with the new values, update the data, and only then remove the
old ones. No magic, just common sense.

I built one monumental regular expression that can actually parse an entire
HTML5 document – entities, tags, comments, doctype, everything. It works. And
it's absolutely useless. But the journey there is worth every backreference.

The CSRF attack has been haunting us for twenty years, and frameworks address it
in a way that essentially invites users to bypass the protection. SameSite
cookies finally offer a systemic way out. I break down Lax, Strict, None, cookie
stuffing, and why, when it comes to this attack, the right answer is: run.

Whitelisting domains in CSP is a Sisyphean task that ends up so full of holes it
loses all meaning – even Google has proven that. A solution exists in the form of
nonce and strict-dynamic, but you need to combine them correctly for older
browsers. A specific guide for PHP and Nette, including dry-run testing.

I wanted to deploy a preprocessor in a real project and all three of them broke
image paths, couldn't handle media queries with @import, and required fucking up
a clean directory structure. After a year and a quarter of waiting for bug
fixes, LESS won – the only one that grew up.

Manually uploading files via FTP belongs in the same category as editing
directly on the server – masochism. FTP Deployment is my PHP script that turns
deployment into a one-click affair: it compares fingerprints, uploads only the
changed files, and does the whole thing transactionally.

Trailing slash, capital letters, www, or query parameter order – small details
that users overlook, but search engines can go crazy over. Bing can't tell an
acid from a database transaction, and most search engines can't index similar
URLs as different pages. A practical breakdown of where SEO traps lurk and how
to avoid them.

Half of all websites are full of holes because of something that is
fundamentally a trivial character substitution. I've written the definitive
overview of escaping for all contexts – HTML, SQL, JavaScript, CSS, URL –
because the confusion around this simple thing is an immortal evergreen.