Security: It’s a vast topic. As a beginner you should write your back-end (nodejs or whatever server environment) so it’s paranoid about what it gets from the front end. For example:
A common security threat comes from people who put malicious rubbish into the forms on your web apps. Sometimes they can get your server to misbehave, crash, or even spew out users’ confidential information with that rubbish.
Suppose your usernames are supposed to contain only letters, numbers, and underscores. If that’s the case, check, ON THE SERVER, the usernames people give you. If they contain other characters, reject them. Whatever you do, DON’T use data that comes to you from your front end without checking it for validity.
And when you handle people’s names, always test your code with names like O'Brien with valid punctuation in them. If you do your checks wrong, they’ll mess up on names like that.
Here’s a famous cartoon about the subject. The kid’s school used a SQL database on the back end.
DROP TABLE Students; is the SQL command to destroy the table containing information for each student. Tee hee.
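
The server-side checks described above, as an added example that is not part of the original post: a username allow-list, a name check that accepts O'Brien, and the difference between pasting a value into SQL text and passing it as a parameter. Function names, the `name` column, the length bounds and the sample inputs are assumptions made for illustration.

```javascript
// Added example; names, length bounds and inputs are constructed.

// Rule from the post: letters, numbers and underscores only.
// The 1-32 length bound is an assumption.
const USERNAME_RE = /^[A-Za-z0-9_]{1,32}$/;

function isValidUsername(input) {
  // A JSON body can deliver arrays or objects, so check the type first.
  return typeof input === 'string' && USERNAME_RE.test(input);
}

// Personal names: letters in any script plus the punctuation real names use.
const NAME_RE = /^\p{L}[\p{L}\p{M}'’ .-]{0,99}$/u;

function isValidName(input) {
  return typeof input === 'string' && NAME_RE.test(input);
}

// The mistake: pasting the value into the SQL text. The apostrophe in
// O'Brien ends the string literal early and the statement no longer parses.
function concatenatedInsert(name) {
  return "INSERT INTO Students (name) VALUES ('" + name + "')";
}

// The fix: the SQL text is constant and the value travels separately, so
// quotes in the value are never read as SQL. { text, values } with $1 is
// the shape node-postgres accepts; other drivers use ? placeholders.
function parameterizedInsert(name) {
  if (!isValidName(name)) throw new Error('invalid name');
  return { text: 'INSERT INTO Students (name) VALUES ($1)', values: [name] };
}

// An odd number of single quotes means an unbalanced string literal.
function hasUnbalancedQuotes(sql) {
  return (sql.match(/'/g) || []).length % 2 === 1;
}

console.log(isValidUsername('bobby_tables'));
console.log(isValidUsername("bobby'; --"));
console.log(hasUnbalancedQuotes(concatenatedInsert("O'Brien")));
console.log(parameterizedInsert("O'Brien"));
```

Validation decides which inputs are acceptable; the parameterized query is what keeps an accepted value such as O'Brien from being interpreted as SQL.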