10 Common PHP Bugs in Real-Time Development

PHP is a forgiving language. This makes it dangerous in production.

Code works on your local machine. Code reviews pass. Then a silent bug hits your live server. It hits real users during a deadline.

These are not textbook bugs. These are real bugs from login systems, e-commerce sites, and client projects.

Here are 10 common bugs and how to fix them.

  1. Variable Scope
     Problem: Variables outside a function are not available inside it.
     Broken: $user = "Rahul"; function greet() { echo $user; }
     Fixed: function greet($user) { echo $user; } greet("Rahul");

  2. Assignment instead of Comparison
     Problem: Using = instead of === creates an authentication bypass.
     Broken: if($isLoggedIn = true) { ... }
     Fixed: if($isLoggedIn === true) { ... }

  3. UTF-8 Text Issues
     Problem: strlen() counts bytes, not characters. This breaks validation for non-ASCII text.
     Broken: echo strlen("नमस्ते"); // Returns 18
     Fixed: echo mb_strlen("नमस्ते", 'UTF-8'); // Returns 6

  4. Missing isset()
     Problem: Accessing $_POST keys before they exist causes errors.
     Fixed: $name = $_POST['username'] ?? '';

  5. Plain Text Passwords
     Problem: Storing raw passwords gives attackers full access if your database leaks.
     Fixed: $hashed = password_hash($password, PASSWORD_BCRYPT);

  6. SQL Injection
     Problem: Putting user input directly into queries lets users read or delete your data.
     Fixed: $stmt = $pdo->prepare("SELECT * FROM users WHERE id = ?"); $stmt->execute([$_GET['id']]);

  7. Redirect without exit()
     Problem: header() sets a redirect but the script keeps running.
     Fixed: header("Location: login.php"); exit();

  8. Memory Crashes
     Problem: file_get_contents() loads entire large files into RAM.
     Fixed: Use fopen() and fgets() to read files line by line.

  9. Session Errors
     Problem: session_start() fails if you send any output first.
     Fixed: Call session_start() at the very top of your script.

  10. Silent Database Errors
     Problem: PDO hides errors by default. You will not know why a query failed.
     Fixed: Set PDO::ATTR_ERRMODE to PDO::ERRMODE_EXCEPTION.
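
The fixes for bugs 2, 4, 5, 6 and 10 above combined into one login check, as an added example that is not code from the original post. It assumes the pdo_sqlite extension; the table, column and function names (users, pw_hash, makeDb, checkLogin) and the sample account and requests are constructed for illustration.

```php
<?php
// Added example (not from the original post). Assumes the pdo_sqlite extension;
// table, column and function names are hypothetical.
declare(strict_types=1);

function makeDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Bug 10: make failed queries throw instead of failing silently.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
    // Bug 5: store a hash, never the raw password. Constructed sample account.
    $stmt = $pdo->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
    $stmt->execute(['rahul', password_hash('correct horse', PASSWORD_BCRYPT)]);
    return $pdo;
}

function checkLogin(PDO $pdo, array $post): bool
{
    // Bug 4: missing keys become empty strings instead of raising warnings.
    $username = $post['username'] ?? '';
    $password = $post['password'] ?? '';
    if (!is_string($username) || !is_string($password) || $username === '') {
        return false;
    }
    // Bug 6: user input is bound as a parameter, never concatenated into SQL.
    $stmt = $pdo->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    // Bug 2: strict comparison; fetchColumn() returns false when no row matches.
    if ($hash === false) {
        return false;
    }
    return password_verify($password, $hash);
}

$pdo = makeDb();
// Constructed requests: valid login, wrong password, injection attempt, empty form.
$cases = [
    'valid'     => ['username' => 'rahul', 'password' => 'correct horse'],
    'wrong pw'  => ['username' => 'rahul', 'password' => 'guess'],
    'injection' => ['username' => "' OR '1'='1", 'password' => 'x'],
    'empty'     => [],
];
foreach ($cases as $label => $post) {
    printf("%-10s %s\n", $label, checkLogin($pdo, $post) ? 'accepted' : 'rejected');
}
```

Run from the command line with php; only the first case is accepted, because the bound parameter treats the quote-laden username as plain data.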

Summary Table:

• Variable Scope: Logic Risk
• = vs ===: Critical Risk
• strlen() UTF-8: Medium Risk
• isset() check: Medium Risk
• Plain Passwords: Critical Risk
• SQL Injection: Critical Risk
• Redirect without exit: High Risk
• Large Files: High Risk
• Session Order: Medium Risk
• PDO Error Mode: High Risk

Avoid these three mistakes:

Always validate input. Always handle errors explicitly.

Source: https://dev.to/bikkisingh/10-common-php-bugs-in-real-time-development-with-fixes-1lf7