Hello everyone!
I am working today on a project to make an e-commerce website (an exercise given for my studies). I am currently controlling the different entries that the administrator can make (creation of a product, a brand, etc.).
To make my controls I use express-validator and here are my different tables with their parameters:
Customer:
Product:
Brand ID:
And more
I would like to know what is common to verify in the validation of the data inserted from an e-commerce site. For example, for the user, I verify when creating an account that the password, email and name are filled (.notEmpty()).
I don't know if my question is appropriate, but thank you in advance for any answers!
Have a nice day / evening.
So this answer may sound blatant to you and maybe nothing new. But you should validate everything that is coming from the client-side. You can just see what you're sending in your forms or when making a request. For the general guidelines, you can read: https://owasp.org/www-project-top-ten/
There are a lot of parts, not just security but reliability and such, which could look like the same thing but are actually different and really depend on your business requirements and use cases. But I will write my own recommendations based on what I observed through many years in web development. Keep in mind that my statements are not the only truth, the one way to do it or the best practice, so you should take it with a grain of salt, do your own research and make some informed decisions.
Most basic things would be:
Sanitize and validate the data coming from the client-side.
Set predefined max length of some values if possible.
Check if an entity exists in a database, like username, product, or product quantity and such.
Always use the password encryption recommended at the current time.
Now more specific business and reliability parts could be (these are just recommendations):
Recommendations:
Username should contain letters and/or numbers only.
Username and email should not be case-sensitive.
Disallow creating a customer with a very similar username, like John or J0hn.
Also, one suggestion I would give is to look at some open source projects and how such things are done there. Such projects are quite large, so it will definitely take some of your time, but it may give you a better idea of how most of those e-commerce websites work in general.
I really feel like this question and answer would fit better on softwareengineering.stackexchange.com. But anyway, just trying to be helpful :)
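The recommendations above (non-empty fields, max lengths, letters/numbers only, case-insensitive username and email, rejecting look-alike usernames such as John vs. J0hn) put together as an added example for a customer sign-up check. This is not code from the question or the answer; it is plain Node.js without express-validator so it runs stand-alone, and the length limits, the confusable-character table and the in-memory stand-in for the database are constructed assumptions.

```javascript
// Constructed limits: a predefined max length per field, as the answer recommends.
const MAX_LEN = { username: 32, email: 254, name: 64 };

// Constructed look-alike table: map digits that resemble letters to the letter,
// so "John" and "J0hn" collapse to the same canonical key.
const CONFUSABLES = { '0': 'o', '1': 'l', '3': 'e', '4': 'a', '5': 's', '7': 't', '8': 'b' };

// Lowercase (case-insensitive usernames) and fold confusable digits into letters.
function canonicalUsername(username) {
  return username.toLowerCase().replace(/[0134578]/g, (ch) => CONFUSABLES[ch]);
}

// existingCanonical: a Set of canonical usernames already stored, standing in for
// the "does this entity exist in the database" lookup from the answer.
function validateCustomer(input, existingCanonical) {
  const errors = [];
  const str = (v) => (typeof v === 'string' ? v : '');
  const username = str(input.username).trim();
  const email = str(input.email).trim().toLowerCase(); // email is case-insensitive
  const name = str(input.name).trim();
  const password = str(input.password);

  if (!username) errors.push('username: must not be empty');
  else if (username.length > MAX_LEN.username) errors.push('username: too long');
  else if (!/^[a-z0-9]+$/i.test(username)) errors.push('username: letters and numbers only');
  else if (existingCanonical.has(canonicalUsername(username))) {
    errors.push('username: already taken or too similar to an existing one');
  }

  if (!email) errors.push('email: must not be empty');
  else if (email.length > MAX_LEN.email || !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
    errors.push('email: invalid');
  }

  if (!name) errors.push('name: must not be empty');
  else if (name.length > MAX_LEN.name) errors.push('name: too long');

  if (password.length < 8) errors.push('password: at least 8 characters');

  // Return the trimmed/normalized values so the caller stores the sanitized form.
  return { ok: errors.length === 0, errors, sanitized: { username, email, name } };
}

// Constructed sample data: two stored customers and one sign-up attempt.
const existing = new Set(['john', 'alice'].map(canonicalUsername));
const attempt = validateCustomer(
  { username: 'J0hn', email: ' Bob@Example.com ', name: 'Bob', password: 'hunter22' },
  existing
);
console.log(attempt.ok, attempt.errors);
```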