Zip Slip PHP 5.0+
A path traversal attack via crafted archive filenames (e.g. ../../evil.php) that escape the extraction directory during unzip.
CWE-22 OWASP A1:2021
3mo ago Security intermediate 8.1
Batch Processing PHP 5.5+ 🧠 1
Processing records in grouped chunks rather than one at a time, reducing per-record overhead and enabling efficient bulk database operations.
3mo ago Performance intermediate
bcrypt PHP 5.5+ 🧠 1
A deliberately slow password hashing algorithm designed to resist brute-force attacks by tunable computational cost.
CWE-327 OWASP A2:2021
3mo ago Security intermediate
Closures & Anonymous Functions PHP 5.3+ 🧠 1
First-class anonymous functions that can capture variables from their enclosing scope via the use keyword.
3mo ago PHP intermediate
Cognitive Complexity 🧠 7
A readability-focused complexity metric that penalises nesting more heavily than cyclomatic complexity.
3mo ago Code Quality intermediate
Cross-Site Request Forgery (CSRF) PHP 5.0+ 🧠 3
A forged request tricks an authenticated user's browser into performing an unintended action on a site they're logged into.
CWE-352 OWASP A1:2021
3mo ago Security intermediate 6.5
Cross-Site Scripting (XSS) PHP 5.0+ 🧠 2
User-supplied content rendered in the browser without escaping, allowing script injection into other users' sessions.
CWE-79 OWASP A3:2021
3mo ago Security intermediate 6.1
Dependency Injection PHP 5.0+ 🧠 3
Passing dependencies into a class rather than creating them inside — makes classes testable and loosely coupled.
3mo ago Code Quality intermediate
Exception Handling (try/catch/finally) PHP 5.0+ 🧠 3
PHP's structured error handling mechanism that separates error-path code from the happy path and ensures resource cleanup.
3mo ago PHP intermediate
Immutability PHP 8.1+ 🧠 3
Objects whose state cannot change after construction — immutable objects are inherently thread-safe, predictable, and easy to reason about.
3mo ago Code Quality intermediate
Insecure Direct Object Reference (IDOR) PHP 5.0+ 🧠 1
A user accesses another user's data by changing an ID in a URL or request — no authorisation check performed.
CWE-639 OWASP A1:2021
3mo ago Security intermediate 7.5
N+1 Query Problem PHP 5.0+
Executing one query to get N records, then N more queries to fetch related data — one per record.
3mo ago Performance intermediate
OPcache PHP 5.5+ 🧠 8
A PHP extension that caches precompiled bytecode in shared memory, eliminating repeated parsing and compilation overhead.
3mo ago PHP intermediate
Prepared Statement PHP 5.1+ 🧠 2
A parameterised SQL query where data placeholders are bound separately from the query structure, preventing SQL injection.
3mo ago PHP intermediate
Rate Limiting PHP 5.0+ 🧠 1
Restricting the number of requests a client can make in a given time window to prevent abuse, DoS, and credential stuffing.
CWE-770 OWASP A5:2021
3mo ago Performance intermediate
Repository Pattern PHP 5.0+ 🧠 2
Abstracts the data persistence layer behind an interface, decoupling domain logic from database implementation details.
3mo ago General intermediate
Session Fixation PHP 5.0+ 🧠 1
An attacker forces a victim to use a known session ID, then hijacks their session after they authenticate.
CWE-384 OWASP A7:2021
3mo ago Security intermediate 8.0
SOLID Principles (Overview) PHP 5.0+ 🧠 1
Five object-oriented design principles — SRP, OCP, LSP, ISP, DIP — that together guide towards maintainable, extensible code.
3mo ago Code Quality intermediate
SQL Injection PHP 5.1+ 🧠 4
Unsanitised user input inserted directly into a SQL query, letting attackers read, modify, or delete database data.
CWE-89 OWASP A3:2021
3mo ago Security intermediate 9.8
Asymmetric Visibility (PHP 8.4) PHP 8.4+
PHP 8.4 asymmetric visibility lets you set different access levels for reading and writing a property, for example public protected(set), without getter/setter methods.
PHP intermediate