PHP Bugs #21 to #30: Common Mistakes

PHP lets you make mistakes without warning. It often continues running even when things fail. This leads to silent data corruption or security holes.

Here are 10 critical bugs to avoid:

  • Multibyte Text: strlen() counts bytes, not characters. This breaks Hindi or emoji text. Use mb_strlen() instead.

  • Unvalidated API Calls: file_get_contents() can fail silently. json_decode() can return null. Always check if the response is false and verify json_last_error().

  • Temporary Cookies: setcookie() without an expiry date creates a session cookie, which is deleted when the browser closes. Set an expiry time and use the httponly flag so that scripts injected through XSS cannot read the cookie.

  • Unsafe File Uploads: Checking file extensions is not enough. Hackers rename shell.php to shell.jpg. Use finfo_file() to check the actual MIME type.

  • Math with Formatted Strings: PHP stops reading numbers at a comma. "1,299.00" becomes 1. Strip commas with str_replace() before calculating. Store raw numbers in your database.

  • Shared Static Properties: Static properties belong to the class, not the object. Every instance shares the same data. Use regular public properties for user-specific data.

  • Redirects Without Exit: header("Location: ...") only sends an instruction to the browser. The server keeps running the script. Always call exit() after a redirect.

  • SQL Injection: Putting variables directly into query strings allows hackers to control your database. Use prepared statements with PDO.

  • Memory Crashes: file_get_contents() loads entire files into RAM. This crashes your server on large files. Use fopen() and fgets() to read files line by line.

  • Silent Database Errors: PDO stays silent by default. Errors return false instead of throwing exceptions. Set PDO::ATTR_ERRMODE to PDO::ERRMODE_EXCEPTION.

The solution is simple: be explicit. Check every return value. Validate every input. Never assume a function worked.
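An added example (not from the original post) for the file-upload item: the decision is made from the file's content with finfo_file() and an allow-list, every return value is checked, and the stored name is generated by the server. The function name safeUploadName, the allow-list and the two sample files are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Allow-list (assumed for this example): sniffed MIME type => extension the server assigns.
const ALLOWED_UPLOAD_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Returns a server-generated file name for an accepted upload, or null to reject it.
 * $path is where the bytes currently sit; for a real upload this is
 * $_FILES[...]['tmp_name'], which should also pass is_uploaded_file().
 */
function safeUploadName(string $path): ?string
{
    if (!is_file($path)) {
        return null;
    }
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    if ($finfo === false) {
        throw new RuntimeException('fileinfo magic database unavailable');
    }
    $mime = finfo_file($finfo, $path); // derived from content, not from the file name
    if ($mime === false || !isset(ALLOWED_UPLOAD_TYPES[$mime])) {
        return null;
    }
    // The client-supplied name and extension are never reused.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_UPLOAD_TYPES[$mime];
}

// Constructed sample inputs: a script renamed to .jpg, and the signature plus
// IHDR header of a 1x1 PNG stored under a misleading .txt name.
$samples = [
    sys_get_temp_dir() . '/shell.jpg' => "<?php echo 'not an image'; ?>\n",
    sys_get_temp_dir() . '/pixel.txt' => "\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR"
        . pack('NNC5', 1, 1, 8, 6, 0, 0, 0),
];

foreach ($samples as $path => $bytes) {
    if (file_put_contents($path, $bytes) === false) {
        throw new RuntimeException("cannot write sample $path");
    }
    $name = safeUploadName($path);
    echo basename($path), ' => ', $name ?? 'rejected', PHP_EOL;
    unlink($path);
}
```

finfo_file() inspects only the leading bytes of a file, so pair this check with storage outside the document root in a location where PHP is not executed.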

Full article: https://dev.to/bikkisingh/php-bugs-21-to-30-common-mistakes-every-php-developer-must-knowpublished-5hbp