What's wrong with this PHP implode argument order?
What's wrong with this PHP implode argument order in PHP 7? The PHP code calls implode with the glue and array in the wrong order. In PHP 7 it works by coercion, but PHP 8 enforces types and crashes.

Why does this PHP empty filename pass validation?
Why does this PHP empty filename pass validation in upload? The PHP code checks only the $_FILES error but not the name. In PHP, a no-file upload has an empty name and can overwrite with path traversal.

Why does this PHP variable variable overwrite globals?
Why does this PHP variable variable overwrite globals in a mapper? The PHP code uses variable variables from user input. In PHP apps, this can overwrite trusted variables and escalate privileges.

Why does this PHP cache keep missing real zeros?
Why does this PHP cache keep missing real zeros in a quota service? The PHP code treats falsy values as cache misses, so real zero quotas keep hammering the database. In PHP APIs, this causes unnecessary load and latency spikes.

What's wrong with this PHP in_array that lets bad values through?
What's wrong with this PHP in_array that lets bad values through in validation? The PHP code uses in_array without strict mode, so 0 equals false and passes. In PHP API validation, this accepts invalid input silently.

What's wrong with this PHP file_get_contents on URL without timeout?
What's wrong with this PHP file_get_contents on a URL without a timeout? The PHP code fetches a remote URL with the default stream context. In PHP services, a slow upstream hangs the worker indefinitely.

What's wrong with this PHP Closure capturing loop variable?
What's wrong with this PHP Closure capturing a loop variable by reference? The PHP code creates closures in a loop that capture the same variable. In PHP async code, all callbacks see the final value.

Why does this PHP preg_match offset break position check?
Why does this PHP preg_match offset break the position check? The PHP code uses preg_match with an offset on a substring but returns the position relative to the offset. In PHP parsing, this returns the wrong index.

What's wrong with this PHP file_put_contents LOCK race?
What's wrong with this PHP file_put_contents LOCK_EX not preventing all races? The PHP code writes with LOCK_EX, but another process can read before the lock. In PHP cache layers, this causes torn reads.