These are some solid questions, but as with most things programming the answer is usually... it depends. Here is my opinion in general, though.
SSR vs SPA? Both. SSR improves SEO and Lighthouse scores, not to mention it will make your site load faster for users, which is critical. There are some cases, static sites come to mind, where SPA functionality isn't needed. Private project or internal system? SSR might not be needed. It just depends.
Project Structure: Oh boy. Again, it depends. If the project is going to have multiple clients - iOS, Android, PWA, desktop - definitely separate. In this case you can write your API code once, and leverage it across all your target platforms without having a mess of one repository. However, if it is only a PWA/web site, one is probably fine, or even preferred to keep a single list of dependencies.
Hosting: Database, for me at least, is always on its own host for security reasons, and its connection string is never in a config file. As for a client vs backend... Once again, it depends. Static site? GitHub Pages is all you need anyway. Some dynamic content? One host is probably fine; however, beyond this, it is a good idea to do two things. The first being, run your application in a "cluster" mode (pm2 for node comes to mind), so that it can use all the resources available to it. And second, use a load balancer and reverse proxy - those can be the same, such as nginx. This will, one, make your application code work less, and two, allow your application to be able to scale if it needs to without user impact.
SQL queries on their own are not safe to use, period. SQL prepared statements are better. Usually, ORMs will do the preparing part for you, at the cost of some performance. However, none of this is entirely enough and you should be taking extra steps to validate your user input before it gets handed off to something that is talking to your database. In my experience the utility that ORMs provide is usually worth it, especially once you are used to them, vs the small trade-off of performance you might gain from writing it all yourself. They are also probably better tested.
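
An added example, not part of the original comment: a string-built query beside a bound-parameter query, and a case where binding alone still needs input validation. It uses Python's `sqlite3`; the `users` table, its rows, and all function names are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [
        ("alice", "alice@example.test"),
        ("bob", "bob@example.test"),
        ("o'brien", "obrien@example.test"),
    ])
    return db

def find_concat(db, name):
    # String-built query: the input becomes part of the SQL text, so a
    # single quote in a legitimate name already changes the statement.
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_bound(db, name):
    # Bound parameter: the value is sent as data and never parsed as SQL.
    return db.execute("SELECT email FROM users WHERE name = ?", (name,)).fetchall()

def search_bound(db, prefix):
    # Still bound, but '%' and '_' inside the value keep their LIKE meaning:
    # binding protects the statement, not the semantics of the value.
    sql = "SELECT name FROM users WHERE name LIKE ? || '%' ORDER BY name"
    return db.execute(sql, (prefix,)).fetchall()

# Assumed policy for this example: letters, digits, apostrophe, 1-32 chars.
PREFIX_RE = re.compile(r"[A-Za-z0-9']{1,32}")

def search_validated(db, prefix):
    # Validate before the value reaches the database layer.
    if not PREFIX_RE.fullmatch(prefix):
        raise ValueError("invalid search prefix")
    return search_bound(db, prefix)

if __name__ == "__main__":
    db = make_db()
    print(find_bound(db, "o'brien"))
    print(search_bound(db, "%"))
    print(search_validated(db, "al"))
```
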