Every couple of months I like to go back to an old project and show it some love and attention. And every few months I'm surprised at how outdated my old code feels. Things change fast in this field and it's definitely difficult to keep up with everything. Just a few years ago everyone was placing images on the corners of divs in order to give them the rounded look, and now you just add a border-radius rule and you're good to go. So today I'm going to revisit a really really old project that I've had tucked away for a bit and see just how it's holding up. I'm already expecting a few big issues, which I've outlined down below.
The Big Issues
There are a few major things that I look for when working on old code.
- Updated frameworks
- Easier to use frameworks
- Deprecated content
- Security issues
- Bad/unused code
- Sometimes things stop working
The first thing that I like to do when revisiting an old website is running and compiling it to make sure that it still runs. Maybe I've made changes that I never finished and maybe I'm using an outdated framework and the latest version doesn't work well with it. Which is actually what happened.
Oudated Frameworks
This one might just pertain to me, but when I went to go fire up my old .NET MVC project from a few years ago, back when ASP.NET MVC was a young pup, it immediately failed. The culprit was the reference to the MVC library. It was broken it looked like, so I went ahead and deleted that reference and added a fresh new one. This time it compiled, but it didn't run. The paths were all broken it seems. But to be fair this is really old code running on a first gen generation and so things change I guess. I'll definitely need to get to the bottom of this though, otherwise there goes my website.
Unused code/scripts
Because in my head, one day I'm going to revisit this code and polish it up. But 5 years later, I know realize that I am not. Having excess unused code lying around just keeps compilation speeds up and pretty much just leaves you confused as to how your website works. I found myself looking at 5 different MasterPages, each completely different and all but 1 not being used. And because I have this project in source control, there really isn't a reason to keep old layouts around.
not using any of these
And one of my biggest pet peeves, unused JavaScript libraries and frameworks. I see it all the time on professional websites and its worth the 20 seconds that it will take to see if it's being used to remove it. It makes your websites faster and once again less confusing to anyone working on it. I was referencing every social button under the sun, from Twitter to Facebook, and I'm not using a single one. It's an easy fix, and I actually feel great once its gone, because it's less code bogging down the site.
I also found tons of unused functions that I wrote and maybe used at some point, but have since said goodbye to. And this makes working on that website a hassle, mainly because I'm not sure what's important and what's not. So a quick control + F to see if it's being used anywhere, and good riddance I say.
Security Issues
Probably the most important reason to revisit old code though is to update and fix those pesky security issues that were probably left behind from your younger days. That could be anything from potential SQL injection risks to script injection to unencrypted passwords. Who knows what was going on 6-7 years ago in your head!
var UserId = GetUserId();
string sql = "SELECT COUNT(*) FROM Mail WHERE UserId = " + UserId;
My old websites have code like this scattered around. Many times because it's quicker and sometimes because I was just lazy and forgot to use parameterized queries. Not an excuse. This is why so many websites still get hacked this day and age. Lucky for me, most of my database interaction is done through an abstraction layer, so the only thing I need to change is the code in that layer and it should propagate through the entire project.
Another think to look out for is potential script injection exploits. Letting users add content to your website is a great way to get fresh content, but letting them add "any" content is a big mistake. The easiest way is to HTML encode everything properly when storing user content, that way there is no way of anything but text getting displayed. Fortunately, I'm good in this department, as I didn't have many user input areas.
My emails stopped sending
On this particular site I have a feature where users can send each other messages if they're "friends" already. Normally when this happens, the recipient gets an email linking directly to the message. Well..at least they used to. Turns out the credentials to the mail server are outdated, due to me, and thus, this hasn't worked in who knows how long.
This happens all too often too. Particularly when relying on an outside service for something. Sometimes those services go under and you don't realize it. Sometimes that plugin that does all those nifty things, needs to call home to verify itself and work, and sometimes there is no home for it to call to. Sad. But that's just another reason to audit your websites every couple of months to make sure that everything is running in order.
Lesson learned
Bugs, errors, mistakes are going to happen regardless. The worst thing you could do, is just leave them there and never look back and assume that your websites will run flawlessly forever. And to be honest, it's kind of fun to go back and visit old code. You get to make improvements and speed things up and you also get to see how your mind worked back then. Looking at the code on my old site, I can see that not too much has changed. And that's not a bad thing. It's been working fine for this long and just needed a bit of grease to speed some things up. So open up that old project and get to investigating, because I'm sure somewhere in those depths you'll find something of value.
Walter Guevara is a software engineer, startup founder and currently teaches programming for a coding bootcamp. He is currently building things that don't yet exist.
Stay up to date
Sign up for my FREE newsletter. Get informed of the latest happenings in the programming world.