What's wrong with this PHP file_put_contents LOCK race?
What's wrong with this PHP file_put_contents LOCK_EX not preventing all races. The PHP code writes with LOCK_EX but another process can read before lock. In PHP cache layers this causes torn reads.
#whatswrongwiththisphpcode #phpbug #phpproductionbug #phpdebugging #phpbackend #phpcodereview #phpsecurity #phpperformance #phpreliability #phpapi #phpwebdevelopment #phpengineering #phpfileputcon...
What's wrong with this PHP array_unique with objects?
What's wrong with this PHP array_unique with objects in a dedup. The PHP code uses array_unique on object array. In PHP objects are compared by reference so equal objects are kept.
#whatswrongwiththisphpcode #phpbug #phpproductionbug #phpdebugging #phpbackend #phpcodereview #phpsecurity #phpperformance #phpreliability #phpapi #phpwebdevelopment #phpengineering #phparrayunique #phpobject #phpco...
What's wrong with this PHP htmlspecialchars still allowing XSS?
What's wrong with this PHP htmlspecialchars still allowing XSS in output. The PHP code uses wrong encoding or omits ENT_QUOTES. In PHP templates this lets attackers inject script tags.
#whatswrongwiththisphpcode #phpbug #phpproductionbug #phpdebugging #phpbackend #phpcodereview #phpsecurity #phpperformance #phpreliability #phpapi #phpwebdevelopment #phpengineering #phpxss #phphtmlspe...
Why does this PHP empty check block the first valid user?
Why does this PHP empty check block the first valid user in an auth flow. The PHP code uses empty on a user ID, but empty treats the string 0 as true. In PHP login systems this locks out the first registered user.
#whatswrongwiththisphpcode #phpbug #phpproductionbug #phpdebugging #phpbackend #phpcodereview #phpsecurity #phpperformance #phpreliability #phpapi #phpwebdevelopment #phpengineer...
Why does this PHP retry charge customers twice?
Why does this PHP retry logic charge customers twice in production. The PHP code retries a payment call after a timeout without an idempotency key, so the gateway processes duplicates. In PHP billing services this creates double charges and refunds.
#whatswrongwiththisphpcode #phpbug #phpproductionbug #phpdebugging #phpbackend #phpcodereview #phpsecurity #phpperformance #phpreliability #phpapi #phpw...
Why is this PHP temp file creation risky?
Why is this PHP temp file creation risky in a report worker. The PHP code writes to a predictable path in /tmp, which can be hijacked with symlinks. In PHP servers this can overwrite sensitive files.
#whatswrongwiththisphpcode #phpbug #phpproductionbug #phpdebugging #phpbackend #phpcodereview #phpsecurity #phpperformance #phpreliability #phpapi #phpwebdevelopment #phpengineering #phptempfile #phpsymlinkat...
Why does this PHP error_reporting hide the real exception?
Why does this PHP error_reporting hide the real exception in a catch. The PHP code sets error_reporting to 0 inside try. In PHP error handling this suppresses the actual error and hides root cause.
#whatswrongwiththisphpcode #phpbug #phpproductionbug #phpdebugging #phpbackend #phpcodereview #phpsecurity #phpperformance #phpreliability #phpapi #phpwebdevelopment #phpengineering #phperrorre...
Why does this PHP SplFileObject seek break iteration?
Why does this PHP SplFileObject seek break iteration in a parser. The PHP code seeks during foreach over the same object. In PHP file parsing this causes skipped or repeated lines.
#whatswrongwiththisphpcode #phpbug #phpproductionbug #phpdebugging #phpbackend #phpcodereview #phpsecurity #phpperformance #phpreliability #phpapi #phpwebdevelopment #phpengineering #phpsplfileobject #phpseek #phpit...
What's wrong with this PHP array_search check?
What's wrong with this PHP array_search check in an allowlist. The PHP code treats index 0 as false, so the first allowed user is rejected. In PHP access control this silently blocks valid requests.
#whatswrongwiththisphpcode #phpbug #phpproductionbug #phpdebugging #phpbackend #phpcodereview #phpsecurity #phpperformance #phpreliability #phpapi #phpwebdevelopment #phpengineering #phparraysearch #phpin...
Why does this PHP switch fall through to wrong case?
Why does this PHP switch fall through to wrong case in a router. The PHP code omits break so execution falls through. In PHP routing this triggers multiple handlers and corrupts state.
#whatswrongwiththisphpcode #phpbug #phpproductionbug #phpdebugging #phpbackend #phpcodereview #phpsecurity #phpperformance #phpreliability #phpapi #phpwebdevelopment #phpengineering #phpswitch #phpfallthrough #ph...
Turbo Learn PHP